CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21517

21517 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2020-37018	GOautodial 4.0 - Persistent Cross-Site Scripting — GOautodial	6.4	Medium	2026-01-29
CVE-2026-1469	Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager — PlanManager	5.4^AI	Medium^AI	2026-01-29
CVE-2026-24769	NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload — nocodb	5.4^AI	Medium^AI	2026-01-28
CVE-2025-13983	Tagify - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-121 — Tagify	6.1^AI	Medium^AI	2026-01-28
CVE-2025-13981	AI (Artificial Intelligence) - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-119 — AI (Artificial Intelligence)	6.1^AI	Medium^AI	2026-01-28
CVE-2026-0749	Cross-Site Scripting Vulnerability in Drupal Form Builder Module — Drupal	6.1^AI	Medium^AI	2026-01-28
CVE-2025-67723	Discourse vulnerable to stored Cross-site Scripting via Katex in discourse-math plugin — discourse	4.6	Medium	2026-01-28
CVE-2026-1520	rethinkdb Secondary Index cross site scripting — rethinkdb	2.4	Low	2026-01-28
CVE-2020-36993	LimeSurvey <= 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting — LimeSurvey	5.4	Medium	2026-01-28
CVE-2020-36988	PDW File Browser <= v1.3 - Cross-Site Scripting (XSS) — PDW File Browser	5.4	Medium	2026-01-28
CVE-2025-14865	Passster – Password Protect Pages and Content <= 4.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Passster – Password Protect Pages and Content	6.4	Medium	2026-01-28
CVE-2025-59900	Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server — Sync Breeze Enterprise Server	5.4^AI	Medium^AI	2026-01-28
CVE-2025-59899	Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server — Sync Breeze Enterprise Server	5.4^AI	Medium^AI	2026-01-28
CVE-2025-59898	Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server — Sync Breeze Enterprise Server	5.4^AI	Medium^AI	2026-01-28
CVE-2025-59897	Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server — Sync Breeze Enterprise Server	5.4^AI	Medium^AI	2026-01-28
CVE-2025-59896	Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server — Sync Breeze Enterprise Server	5.4^AI	Medium^AI	2026-01-28
CVE-2026-0483	Stored Cross-Site Scripting (XSS) vulnerability in LiveHelperChat — LiveHelperChat	5.4^AI	Medium^AI	2026-01-28
CVE-2026-1399	WP Google Ad Manager Plugin <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings — WP Google Ad Manager Plugin	4.4	Medium	2026-01-28
CVE-2025-14283	BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting — BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library	6.4	Medium	2026-01-28
CVE-2025-14063	SEO Links Interlinking <= 1.7.9.9.1 - Reflected Cross-Site Scripting via 'google_error' Parameter — SEO Links Interlinking	6.1	Medium	2026-01-28
CVE-2026-1391	Vzaar Media Management <= 1.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Vzaar Media Management	5.3	Medium	2026-01-28
CVE-2026-1053	Ivory Search <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters — Ivory Search – WordPress Search Plugin	4.4	Medium	2026-01-28
CVE-2026-1381	Order Minimum/Maximum Amount Limits for WooCommerce <= 4.6.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Hide Add to Cart Content Fields — Order Minimum/Maximum Amount Limits for WooCommerce	4.4	Medium	2026-01-28
CVE-2025-14039	Simple Folio <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Client name' and 'Link' Meta Fields — Simple Folio	6.4	Medium	2026-01-28
CVE-2025-9082	WPBITS Addons For Elementor <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting — WPBITS Addons For Elementor Page Builder	6.4	Medium	2026-01-28
CVE-2025-12709	Interactions – Create Interactive Experiences in the Block Editor <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Interactions – Create Interactive Experiences in the Block Editor	6.4	Medium	2026-01-28
CVE-2026-1295	Buy Now Plus <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Buy Now Plus — Payments with Stripe	6.4	Medium	2026-01-28
CVE-2026-1244	Forms Bridge <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute — Forms Bridge – Infinite integrations	6.4	Medium	2026-01-28
CVE-2026-1466	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau — Jirafeau	6.1	Medium	2026-01-28
CVE-2026-1083	Appointment Hour Booking – Booking Calendar <= 1.5.60 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Min/Max Length' Field Configuration — Appointment Hour Booking – Booking Calendar	4.4	Medium	2026-01-28

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21517 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21517