CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21517

21517 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-1098 | CM CSS Columns <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tag' Shortcode Attribute — CM CSS Columns | 6.4 | Medium | 2026-01-24 |
| CVE-2026-1302 | Meta-box GalleryMeta <= 3.0.1 - Authenticated (Editor+) Stored Cross-Site Scripting via Image Caption — Meta-box GalleryMeta | 4.4 | Medium | 2026-01-24 |
| CVE-2026-1266 | Postalicious <= 3.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings — Postalicious | 4.4 | Medium | 2026-01-24 |
| CVE-2026-0800 | User Submitted Posts – Enable Users to Submit Posts from the Front End <= 20251210 - Unauthenticated Stored Cross-Site Scripting via Custom Field — User Submitted Posts – Enable Users to Submit Posts from the Front End | 7.2 | High | 2026-01-24 |
| CVE-2026-1099 | Administrative Shortcodes <= 0.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'login' and 'logout' Shortcode Attributes — Administrative Shortcodes | 6.4 | Medium | 2026-01-24 |
| CVE-2025-13676 | JustClick registration plugin <= 0.1 - Reflected Cross-Site Scripting via PHP_SELF — JustClick registration plugin | 6.1 | Medium | 2026-01-24 |
| CVE-2026-1084 | Cookie consent for developers <= 1.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Multiple Settings Fields — Cookie consent for developers | 4.4 | Medium | 2026-01-24 |
| CVE-2026-1097 | ThemeRuby Multi Authors <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'before' and 'after' Shortcode Attributes — ThemeRuby Multi Authors – Assign Multiple Writers to Posts | 6.4 | Medium | 2026-01-24 |
| CVE-2025-14941 | GZSEO <= 2.0.11 - Authenticated (Contributor+) Authorization Bypass to Stored Cross-Site Scripting — GZSEO | 6.4 | Medium | 2026-01-24 |
| CVE-2026-1095 | Canto Testimonials <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fx' Shortcode Attribute — Canto Testimonials | 6.4 | Medium | 2026-01-24 |
| CVE-2025-14797 | Same Category Posts <= 1.1.19 - Authenticated (Author+) Stored Cross-Site Scripting via Widget Title Placeholder — Same Category Posts | 5.4 | Medium | 2026-01-24 |
| CVE-2025-14985 | Alpha Blocks <= 1.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'alpha_block_css' Post Meta — Alpha Blocks | 6.4 | Medium | 2026-01-24 |
| CVE-2025-12836 | VK Google Job Posting Manager <= 1.2.23 - Authenticated (Author+) Stored Cross-Site Scripting via Job Description Field — VK Google Job Posting Manager | 6.4 | Medium | 2026-01-24 |
| CVE-2026-24399 | ChatterMate has Stored Cross-Site Scripting (XSS) via Chatbot Input Execution — chattermate.chat | 9.3 | Critical | 2026-01-24 |
| CVE-2026-24128 | XWiki Affected by Reflected Cross-Site Scripting (XSS) in Error Messages — xwiki-platform | 9.6 | - | 2026-01-23 |
| CVE-2026-24127 | Typemill has Reflected XSS via login error view template — typemill | 5.4 | Medium | 2026-01-23 |
| CVE-2021-47906 | BloofoxCMS 0.5.2.1 - 'text' Stored Cross Site Scripting — BloofoxCMS | 6.4 | Medium | 2026-01-23 |
| CVE-2021-47905 | MyBB Delete Account Plugin 1.4 - Cross-Site Scripting — MyBB Delete Account Plugin | 6.1 | Medium | 2026-01-23 |
| CVE-2021-47897 | PEEL Shopping 9.3.0 - 'address' Stored Cross-Site Scripting — PEEL Shopping | 7.2 | High | 2026-01-23 |
| CVE-2021-47892 | PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting — PEEL Shopping | 7.2 | High | 2026-01-23 |
| CVE-2018-25132 | MyBB Trending Widget Plugin 1.2 - Cross-Site Scripting — MyBB Trending Widget Plugin | 6.1 | Medium | 2026-01-23 |
| CVE-2018-25116 | MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting — MyBB Thread Redirect Plugin | 6.1 | Medium | 2026-01-23 |
| CVE-2025-71177 | LavaLite CMS <= 10.1.0 Stored XSS via Package Creation and Search — LavaLite CMS | 5.4 | - | 2026-01-23 |
| CVE-2026-24632 | WordPress Delay Redirects plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability — Delay Redirects | 5.9 | Medium | 2026-01-23 |
| CVE-2026-24630 | WordPress Stylish Cost Calculator plugin <= 8.2.9 - Cross Site Scripting (XSS) vulnerability — Stylish Cost Calculator | 6.5 | Medium | 2026-01-23 |
| CVE-2026-24629 | WordPress Web Accessibility with Max Access plugin <= 2.1.0 - Cross Site Scripting (XSS) vulnerability — Web Accessibility with Max Access | 5.9 | Medium | 2026-01-23 |
| CVE-2026-24626 | WordPress Logo Slider plugin <= 5.1.1 - Cross Site Scripting (XSS) vulnerability — Logo Slider | 5.9 | Medium | 2026-01-23 |
| CVE-2026-24623 | WordPress Neoforum plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Neoforum | 7.1 | High | 2026-01-23 |
| CVE-2026-24621 | WordPress Terms descriptions plugin <= 3.4.9 - Cross Site Scripting (XSS) vulnerability — Terms descriptions | 5.9 | Medium | 2026-01-23 |
| CVE-2026-24620 | WordPress Landing Page Builder plugin <= 1.5.3.4 - Cross Site Scripting (XSS) vulnerability — Landing Page Builder | 5.9 | Medium | 2026-01-23 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21517 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.