CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21506

21506 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-25642 | HedgeDoc security headers for uploaded files were not working — hedgedoc | 4.3 | Medium | 2026-02-06 |
| CVE-2026-22254 | Winter Affected by Stored Cross-Site Scripting (XSS) in Asset Manager — winter | - | - | 2026-02-06 |
| CVE-2026-25647 | Lute has a Stored Cross-Site Scripting (XSS) via Markdown hyperlink — siyuan | 4.6 | Medium | 2026-02-06 |
| CVE-2026-24050 | Zulip affected by Stored XSS in user profile modal — zulip | 5.4 (AI) | Medium (AI) | 2026-02-06 |
| CVE-2026-24903 | OrcaStatLLM Researcher Stored Cross-Site Scripting (XSS) via Log Message Injection in Session Page — OrcaStatLLM-Researcher | 5.4 (AI) | Medium (AI) | 2026-02-06 |
| CVE-2026-1769 | Stored XSS on Xerox CentreWare Web 7.0.6 — CentreWare | 5.3 | Medium | 2026-02-06 |
| CVE-2026-23738 | The Asterisk embedded web server 's /httpstatus page echos user supplied values(cookie and query string) without sanitization — asterisk | 3.5 | Low | 2026-02-06 |
| CVE-2019-25301 | thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting — Millhouse Project | 6.4 | Medium | 2026-02-06 |
| CVE-2019-25294 | html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting — html5_snmp | 6.1 | Medium | 2026-02-06 |
| CVE-2025-13523 | Cross-Site Scripting (XSS) via Unescaped Display Names in Mattermost Confluence Plugin OAuth2 Flow — Mattermost Confluence Plugin | 7.7 | High | 2026-02-06 |
| CVE-2026-1293 | Yoast SEO <= 26.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'yoast-schema' Block Attribute — Yoast SEO – Advanced SEO with real-time guidance and built-in AI | 6.4 | Medium | 2026-02-06 |
| CVE-2026-1252 | Events Listing Widget <= 1.3.4 - Authenticated (Author+) Stored Cross-Site Scripting via Event URL Field — Events Listing Widget | 6.4 | Medium | 2026-02-06 |
| CVE-2026-1279 | Employee Directory <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_title' Shortcode Attribute — Employee Directory – Staff Directory and Listing | 6.4 | Medium | 2026-02-06 |
| CVE-2026-1909 | WaveSurfer-WP <= 2.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'src' Shortcode Attribute — WaveSurfer-WP | 6.4 | Medium | 2026-02-06 |
| CVE-2026-1401 | Tune Library <= 1.6.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via CSV Import — Tune Library | 6.4 | Medium | 2026-02-06 |
| CVE-2026-1808 | Orange Confort+ accessibility toolbar for WordPress <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Orange Comfort+ accessibility toolbar for WordPress | 6.4 | Medium | 2026-02-06 |
| CVE-2026-1888 | Docus <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Docus – YouTube Video Playlist | 6.4 | Medium | 2026-02-06 |
| CVE-2026-0521 | Reflected Cross-Site Scripting in PDF Export Error Message — MAP+ | 6.1 (AI) | Medium (AI) | 2026-02-06 |
| CVE-2026-1971 | Edimax BR-6288ACL wiz_WISP24gmanual.asp wiz_WISP24gmanual cross site scripting — BR-6288ACL | 2.4 | Low | 2026-02-06 |
| CVE-2020-37148 | P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11 - Stored Cross-Site Scripting (XSS) — FNIP-8x16A | 3.5 | Low | 2026-02-05 |
| CVE-2020-37152 | PHP-Fusion 9.03.50 panels.php - Cross-Site Scripting (XSS) — PHP-Fusion | 5.4 (AI) | Medium (AI) | 2026-02-05 |
| CVE-2026-1654 | Peter's Date Countdown <= 2.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Peter’s Date Countdown | 6.1 | Medium | 2026-02-05 |
| CVE-2026-1319 | Robin Image Optimizer <= 2.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Image Alternative Text Field — Robin Image Optimizer – Unlimited Image Optimization & WebP Converter | 6.4 | Medium | 2026-02-05 |
| CVE-2026-1268 | Dynamic Widget Content <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Content Field — Dynamic Widget Content | 6.4 | Medium | 2026-02-05 |
| CVE-2026-0867 | Essential Widgets <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes — Essential Widgets | 6.4 | Medium | 2026-02-05 |
| CVE-2026-1953 | Stored Cross Site Scripting(XSS) in Nukegraphic CMS V3.1.2 — Nukegraphic CMS | 5.4 (AI) | Medium (AI) | 2026-02-05 |
| CVE-2026-0947 | AT Internet Piano Analytics - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-004 — AT Internet Piano Analytics | 6.1 (AI) | Medium (AI) | 2026-02-04 |
| CVE-2026-0946 | AT Internet SmartTag - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-003 — AT Internet SmartTag | 6.1 (AI) | Medium (AI) | 2026-02-04 |
| CVE-2026-25051 | n8n Improper CSP Enforcement in Webhook Responses May Allow Stored XSS — n8n | 5.4 (AI) | Medium (AI) | 2026-02-04 |
| CVE-2026-0873 | Privilege Elevation in Ercom Cryptobox administration console — Cryptobox | 7.2 (AI) | High (AI) | 2026-02-04 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21506 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.