CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21491

21491 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1572 | Livemesh Addons by Elementor <= 9.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via Plugin Settings — Livemesh Addons by Elementor | 6.4 | Medium | 2026-04-16 |
| CVE-2026-3551 | Custom New User Notification <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'User Mail Subject' Setting — Custom New User Notification | 4.4 | Medium | 2026-04-16 |
| CVE-2026-5070 | Vantage <= 1.20.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Block Text Content — Vantage | 6.4 | Medium | 2026-04-16 |
| CVE-2026-3878 | WP Docs <= 2.2.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]' — WP Docs | 6.4 | Medium | 2026-04-16 |
| CVE-2026-4032 | CodeColorer <= 0.10.1 - Unauthenticated Stored Cross-Site Scripting via 'class' attribute in 'cc' Comment Shortcode — CodeColorer | 6.1 | Medium | 2026-04-16 |
| CVE-2026-3885 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode — WP Shortcodes Plugin — Shortcodes Ultimate | 6.4 | Medium | 2026-04-16 |
| CVE-2026-3299 | WP YouTube Lyte <= 1.7.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via lyte Shortcode — WP YouTube Lyte | 6.4 | Medium | 2026-04-16 |
| CVE-2026-40179 | Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer — prometheus | 6.1 | - | 2026-04-15 |
| CVE-2026-1711 | Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role. — Pega Infinity | 4.8 | - | 2026-04-15 |
| CVE-2026-40186 | ApostropheCMS: sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements — apostrophe | 6.1 | Medium | 2026-04-15 |
| CVE-2026-35569 | ApostropheCMS: Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS — apostrophe | 8.7 | High | 2026-04-15 |
| CVE-2026-33889 | ApostropheCMS: Stored XSS via CSS Custom Property Injection in `@apostrophecms/color-field` Escaping Style Tag Context — apostrophe | 5.4 | Medium | 2026-04-15 |
| CVE-2026-20059 | Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability — Cisco Unity Connection | 6.1 | Medium | 2026-04-15 |
| CVE-2026-20132 | Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities — Cisco Identity Services Engine Software | 4.8 | Medium | 2026-04-15 |
| CVE-2026-6370 | WordPress Mini Ajax Cart for WooCommerce plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability — Mini Ajax Cart for WooCommerce | 5.9 | Medium | 2026-04-15 |
| CVE-2025-15636 | WordPress YouTube Showcase plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability — YouTube Showcase | 6.5 | Medium | 2026-04-15 |
| CVE-2026-40734 | WordPress Categories Images plugin <= 3.3.1 - Cross Site Scripting (XSS) vulnerability — Categories Images | 6.1 | - | 2026-04-15 |
| CVE-2026-3643 | Accessibly <= 3.0.3 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via Widget Source Injection via REST API — Accessibly – WordPress Website Accessibility | 7.2 | High | 2026-04-15 |
| CVE-2026-3998 | WM JqMath <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style' Shortcode Attribute — WM JqMath | 6.4 | Medium | 2026-04-15 |
| CVE-2026-4011 | Power Charts <= 0.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute — Power Charts – Responsive Beautiful Charts & Graphs | 6.4 | Medium | 2026-04-15 |
| CVE-2026-4005 | Coachific Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'userhash' Shortcode Attribute — Coachific Shortcode | 6.4 | Medium | 2026-04-15 |
| CVE-2026-3659 | WP Circliful <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute — WP Circliful | 6.4 | Medium | 2026-04-15 |
| CVE-2025-40899 | Stored Cross-Site Scripting (XSS) in Assets and Nodes in Guardian/CMC before 26.0.0 — Guardian | 8.9 | High | 2026-04-15 |
| CVE-2026-5694 | Quick Interest Slider <= 3.1.5 - Unauthenticated Stored Cross-Site Scripting — Quick Interest Slider | 7.2 | High | 2026-04-15 |
| CVE-2026-5717 | VI: Include Post By <= 0.4.200706 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class_container' Shortcode Attribute — VI: Include Post By | 6.4 | Medium | 2026-04-15 |
| CVE-2026-5160 | goldmark security vulnerability — github.com/yuin/goldmark/renderer/html | 6.1 | Medium | 2026-04-15 |
| CVE-2026-26291 | GROWI security vulnerability — GROWI | 5.4 | - | 2026-04-15 |
| CVE-2026-2834 | Age Verification & Identity Verification by Token of Trust <= 3.32.3 - Unauthenticated Stored Cross-Site Scripting via 'description' Parameter — Age Verification & Identity Verification by Token of Trust | 7.2 | High | 2026-04-15 |
| CVE-2026-40096 | immich: Open Redirect via Shared Album name — immich | 5.4 | - | 2026-04-14 |
| CVE-2026-2396 | List View Google Calendar <= 7.4.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via Event Description — List View Google Calendar | 4.4 | Medium | 2026-04-14 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) account for 21491 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.