CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21519

21519 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58089 | MedDream PACS Premium cross-site scripting vulnerability — MedDream PACS Premium | 6.1 | Medium | 2026-01-20 |
| CVE-2025-58090 | MedDream PACS Premium cross-site scripting vulnerability — MedDream PACS Premium | 6.1 | Medium | 2026-01-20 |
| CVE-2025-58088 | MedDream PACS Premium cross-site scripting vulnerability — MedDream PACS Premium | 6.1 | Medium | 2026-01-20 |
| CVE-2025-58087 | MedDream PACS Premium cross-site scripting vulnerability — MedDream PACS Premium | 6.1 | Medium | 2026-01-20 |
| CVE-2025-36556 | MedDream PACS Premium security vulnerability — MedDream PACS Premium | 6.1 | Medium | 2026-01-20 |
| CVE-2025-15380 | NotificationX <= 3.2.0 - Unauthenticated DOM-Based Cross-Site Scripting via 'nx-preview' — NotificationX – FOMO, Live Sales Notification, WooCommerce Sales Popup, GDPR, Social Proof, Announcement Banner & Floating Notification Bar | 7.2 | High | 2026-01-20 |
| CVE-2026-0608 | Head Meta Data <= 20251118 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta — Head Meta Data | 6.4 | Medium | 2026-01-20 |
| CVE-2026-0690 | FlatPM – Ad Manager, AdSense and Custom Code <= 3.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Post Meta — FlatPM – Ad Manager, AdSense and Custom Code | 6.4 | Medium | 2026-01-20 |
| CVE-2026-1183 | HTML injection in multiple Botble products — TransP | 6.1 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2025-41025 | Stored Cross-Site Scripting in Poultry Farm Management System — Poultry Farm Management System | 5.4 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2025-40679 | HTML injection in Isshue from Bdtask — Isshue | 7.2 (AI) | High (AI) | 2026-01-20 |
| CVE-2025-41024 | Stored Cross-Site Scripting in Poultry Farm Management System — Poultry Farm Management System | 5.4 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2025-40644 | Reflected Cross-Site Scripting (XSS) in QRGen's Riftzilla — QRGen | 6.1 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2025-41084 | Stored Cross-Site Scripting (XSS) in Sesame web application — Sesame | 5.4 (AI) | Medium (AI) | 2026-01-20 |
| CVE-2025-41768 | Beckhoff: XSS Vulnerability in TwinCAT 3 HMI Server — TwinCAT.HMI.Server | 5.5 | Medium | 2026-01-20 |
| CVE-2025-66523 | Reflected Cross-Site Scripting (XSS) Vulnerability in na1.foxitesign.foxit.com via Unsanitized URL Parameters — na1.foxitesign.foxit.com | 6.1 | Medium | 2026-01-20 |
| CVE-2026-1042 | WP Hello Bar <= 1.02 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'digit_one' and 'digit_two' Parameters — WP Hello Bar | 4.4 | Medium | 2026-01-20 |
| CVE-2026-1045 | Viet contact <= 1.3.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'll1', 'll2', 'll3', and 'll4' Parameters — Viet contact | 4.4 | Medium | 2026-01-20 |
| CVE-2026-23847 | SiYuan Vulnerable to Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon — siyuan | 6.1 (AI) | Medium (AI) | 2026-01-19 |
| CVE-2026-23625 | OpenProject has stored XSS regression using attachments and script-src self — openproject | 8.7 | High | 2026-01-19 |
| CVE-2026-1161 | pbrong hrms recruitment.go UpdateRecruitmentById cross site scripting — hrms | 3.5 | Low | 2026-01-19 |
| CVE-2026-21618 | Cross-site scripting (XSS) in OAuth Device Authorization screen — hexpm | 6.1 (AI) | Medium (AI) | 2026-01-19 |
| CVE-2026-1151 | technical-laohu mpay User Center cross site scripting — mpay | 2.4 | Low | 2026-01-19 |
| CVE-2026-1147 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System api_patient_schedule.php cross site scripting — Patients Waiting Area Queue Management System | 3.5 | Low | 2026-01-19 |
| CVE-2026-1146 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System api_register_patient.php cross site scripting — Patients Waiting Area Queue Management System | 3.5 | Low | 2026-01-19 |
| CVE-2026-1136 | lcg0124 BootDo ContentController save cross site scripting — BootDo | 3.5 | Low | 2026-01-19 |
| CVE-2026-1135 | itsourcecode Society Management System activity.php cross site scripting — Society Management System | 4.3 | Medium | 2026-01-19 |
| CVE-2026-1134 | itsourcecode Society Management System expenses.php cross site scripting — Society Management System | 4.3 | Medium | 2026-01-19 |
| CVE-2026-23525 | 1panel App Store vulnerable to Cross-site Scripting — 1Panel | 6.4 | Medium | 2026-01-18 |
| CVE-2026-1049 | LigeroSmart index.pl cross site scripting — LigeroSmart | 3.5 | Low | 2026-01-17 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21519 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.