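CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21517

21517 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.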

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-8072 | Target Video Easy Publish <= 3.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder_img Parameter — Target Video Easy Publish | 6.4 | Medium | 2026-01-28 |
| CVE-2026-1513 | billboard.js security vulnerability — billboard.js | 6.1 (AI) | Medium (AI) | 2026-01-28 |
| CVE-2026-24838 | DotNetNuke.Core Vulnerable to Stored XSS via Module Title — Dnn.Platform | 9.1 | Critical | 2026-01-27 |
| CVE-2026-24837 | DotNetNuke.Core Vulnerable to Stored XSS in Module Deletion Confirmation Modal — Dnn.Platform | 7.7 | High | 2026-01-27 |
| CVE-2026-24836 | DotNetNuke.Core Vulnerable to Stored XSS in Scheduler LogNotes — Dnn.Platform | 7.7 | High | 2026-01-27 |
| CVE-2026-24833 | DotNetNuke.Core Vulnerable to Stored XSS in Module Description — Dnn.Platform | 7.7 | High | 2026-01-27 |
| CVE-2026-24784 | DotNetNuke.Core has a potential XSS vulnerability in modules' header and footer — Dnn.Platform | 6.8 | Medium | 2026-01-27 |
| CVE-2026-24778 | Ghost vulnerable to XSS via malicious Portal preview links — Ghost | 8.8 | High | 2026-01-27 |
| CVE-2026-24771 | Hono has a Cross-site Scripting vulnerability — hono | 4.7 | Medium | 2026-01-27 |
| CVE-2020-36978 | Froxlor Froxlor Server Management Panel 0.10.16 - Persistent Cross-Site Scripting — Froxlor Froxlor Server Management Panel | 6.4 | Medium | 2026-01-27 |
| CVE-2026-24824 | A XSS in yacy/yacy_search_server — yacy_search_server | 6.1 (AI) | Medium (AI) | 2026-01-27 |
| CVE-2026-24490 | MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field — Mobile-Security-Framework-MobSF | 8.1 | High | 2026-01-27 |
| CVE-2026-24476 | Shaarli vulnerable to stored XSS via Suggested Tags — Shaarli | 6.1 (AI) | Medium (AI) | 2026-01-26 |
| CVE-2026-1444 | iJason-Liu Books_Manager add_book_check.php cross site scripting — Books_Manager | 2.4 | Low | 2026-01-26 |
| CVE-2025-11687 | Gi-docgen: reflected dom xss in gi-docgen | 6.1 | Medium | 2026-01-26 |
| CVE-2020-36960 | Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting — Forma LMS | 6.4 | Medium | 2026-01-26 |
| CVE-2020-36956 | Openfire 4.6.0 - 'path' Stored XSS — Openfire | 6.4 | Medium | 2026-01-26 |
| CVE-2020-36955 | Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting — Grav CMS Admin Plugin | 6.4 | Medium | 2026-01-26 |
| CVE-2020-36954 | Xeroneit Library Management System 3.1 - "Add Book Category " Stored XSS — Xeroneit Library Management System | 6.4 | Medium | 2026-01-26 |
| CVE-2026-24433 | Tenda W30E V2 Stored XSS via Username Field — W30E V2 | 6.1 (AI) | Medium (AI) | 2026-01-26 |
| CVE-2026-1446 | XSS issue is Esri ArcGIS Pro versions 3.6.0 and earlier — ArcGIS Pro | 5.0 | Medium | 2026-01-26 |
| CVE-2026-1429 | WellChoose\|Single Sign-On Portal System - Reflected Cross-site Scripting — Single Sign-On Portal System | 5.4 | Medium | 2026-01-26 |
| CVE-2026-1421 | code-projects Online Examination System Add Pages cross site scripting — Online Examination System | 3.5 | Low | 2026-01-26 |
| CVE-2020-36932 | Seacms 11.1 - 'checkuser' Stored XSS — Seacms | 6.1 | Medium | 2026-01-25 |
| CVE-2020-36931 | Click2Magic 1.1.5 - Stored Cross-Site Scripting — Click2Magic | 6.4 | Medium | 2026-01-25 |
| CVE-2026-0862 | Save as PDF Plugin by PDFCrowd <= 4.5.5 - Reflected Cross-Site Scripting via options — Save as PDF Plugin by PDFCrowd | 6.1 | Medium | 2026-01-24 |
| CVE-2026-1127 | Timeline Event History <= 3.2 - Reflected Cross-Site Scripting — Timeline Event History | 6.1 | Medium | 2026-01-24 |
| CVE-2026-1191 | JavaScript Notifier <= 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings — JavaScript Notifier | 4.4 | Medium | 2026-01-24 |
| CVE-2026-1189 | LeadBI Plugin for WordPress <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_id' Shortcode Attribute — LeadBI Plugin for WordPress | 6.4 | Medium | 2026-01-24 |
| CVE-2026-1300 | Responsive Header Plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters — Responsive Header Plugin | 4.4 | Medium | 2026-01-24 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21517 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.