CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21506

21506 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-13648 | STORED CROSS-SITE SCRIPTING (XSS) ON MICROCOM'S ZEUSWEB — ZeusWeb | 5.4 (AI) | Medium (AI) | 2026-02-11 |
| CVE-2026-0815 | Category Image <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter — Category Image | 4.4 | Medium | 2026-02-11 |
| CVE-2026-1827 | IDE Micro code-editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute — IDE Micro code-editor | 6.4 | Medium | 2026-02-11 |
| CVE-2026-1826 | OpenPOS Lite <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — OpenPOS Lite – Point of Sale for WooCommerce | 6.4 | Medium | 2026-02-11 |
| CVE-2026-1809 | HTML Shortcodes <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — HTML Shortcodes | 6.4 | Medium | 2026-02-11 |
| CVE-2026-0724 | WPlyr Media Block <= 1.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via '_wplyr_accent_color' Parameter — WPlyr Media Block | 4.4 | Medium | 2026-02-11 |
| CVE-2026-1804 | WDES Responsive Popup <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'attr' Shortcode Attribute — WDES Responsive Popup | 6.4 | Medium | 2026-02-11 |
| CVE-2026-1821 | Microtango <= 0.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Microtango | 6.4 | Medium | 2026-02-11 |
| CVE-2026-1853 | BuddyHolis ListSearch <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'placeholder' Shortcode Attribute — BuddyHolis ListSearch | 6.4 | Medium | 2026-02-11 |
| CVE-2026-1885 | Slideshow Wp <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute — Slideshow Wp | 6.4 | Medium | 2026-02-11 |
| CVE-2025-15440 | iONE360 configurator <= 2.0.57 - Unauthenticated Stored Cross-Site Scripting via Contact Form Parameters — iONE360 configurator | 7.2 | High | 2026-02-11 |
| CVE-2025-10913 | XSS in saastech.io's TemizlikYolda — TemizlikYolda | 8.3 | High | 2026-02-11 |
| CVE-2026-1893 | Orbisius Random Name Generator <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute — Orbisius Random Name Generator | 6.4 | Medium | 2026-02-11 |
| CVE-2026-1231 | Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.0.5 - Authenticated (Custom+) Missing Authorization to Stored Cross-Site Scripting via Global Settings — Beaver Builder Page Builder – Drag and Drop Website Builder | 6.4 | Medium | 2026-02-11 |
| CVE-2026-1571 | Reflected XSS Vulnerability on TP-Link Archer C60 — Archer C60 v3 | 6.1 (AI) | Medium (AI) | 2026-02-11 |
| CVE-2026-21529 | Azure HDInsight Spoofing Vulnerability — Azure HDInsight | 5.7 | Medium | 2026-02-10 |
| CVE-2026-24045 | Docmost Affected by Stored XSS in Public Share Page — docmost | 7.3 | High | 2026-02-10 |
| CVE-2025-52436 | Fortinet FortiSandbox Cross-Site Scripting Vulnerability — FortiSandbox | 7.9 | High | 2026-02-10 |
| CVE-2025-11004 | Reflected XSS vulnerability in Simplicity Device Manager tool — Simplicity Device Manager | 6.3 (AI) | Medium (AI) | 2026-02-10 |
| CVE-2025-40587 | Siemens Polarion Cross-Site Scripting Vulnerability — Polarion V2404 | 7.6 | High | 2026-02-10 |
| CVE-2026-1922 | The Events Calendar Shortcode & Block <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — The Events Calendar Shortcode & Block | 6.4 | Medium | 2026-02-10 |
| CVE-2026-1866 | Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form — Name Directory | 7.2 | High | 2026-02-10 |
| CVE-2026-2099 | Flowring\|AgentFlow - Stored Cross-Site Scripting — AgentFlow | 5.4 | Medium | 2026-02-10 |
| CVE-2026-2098 | Flowring\|AgentFlow - Reflected Cross-site Scripting — AgentFlow | 6.1 | Medium | 2026-02-10 |
| CVE-2026-0996 | Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | 6.4 | Medium | 2026-02-10 |
| CVE-2026-24325 | Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console) — SAP BusinessObjects Enterprise (Central Management Console) | 4.8 | Medium | 2026-02-10 |
| CVE-2026-0505 | Multiple vulnerabilities in BSP Applications of SAP Document Management System — SAP Document Management System | 6.1 | Medium | 2026-02-10 |
| CVE-2026-25496 | Craft has a stored XSS in Number Prefix & Suffix Fields — cms | 5.4 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-25491 | Craft has a Stored XSS in Entry Types Name — cms | 5.4 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-25230 | FileRise affected by HTML Injection using color property in file tags — FileRise | 4.6 | Medium | 2026-02-09 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) account for 21506 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.