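CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21519

21519 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.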

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-0858 | PlantUML security vulnerability — net.sourceforge.plantuml:plantuml | 6.1 | Medium | 2026-01-16 |
| CVE-2025-31510 | LemonLDAP::NG security vulnerability — LemonLDAP::NG | 7.2 | High | 2026-01-16 |
| CVE-2021-47808 | Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting — Cotonti Siena | 5.4 | Medium | 2026-01-15 |
| CVE-2021-47779 | Dolibarr ERP-CRM 14.0.2 - Stored Cross-Site Scripting (XSS) / Privilege Escalation — CRM | 5.4 | Medium | 2026-01-15 |
| CVE-2026-1011 | Stored Cross-Site Scripting in Altium Live Support Center Comment Endpoint — Altium Live | 6.1 | Medium | 2026-01-15 |
| CVE-2026-1010 | Stored Cross-Site Scripting in Altium Enterprise Server Workflow Engine Allows Privilege Escalation — Altium Enterprise Server | 8.0 | High | 2026-01-15 |
| CVE-2026-1009 | Stored Cross-Site Scripting in Altium Live Forum Leading to Cross-Customer Data Exposure — Altium Live | 9.0 | Critical | 2026-01-15 |
| CVE-2026-1008 | Stored Cross-Site Scripting in Altium Live User Profile Fields — Altium Live | 7.6 | High | 2026-01-15 |
| CVE-2025-15265 | Svelte 5.46.0 - Hydratable Key Script-Breakout XSS (SSR) — Svelte | 6.1 (AI) | Medium (AI) | 2026-01-15 |
| CVE-2026-20075 | Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Stored Cross-Site Scripting Vulnerability — Cisco Evolved Programmable Network Manager (EPNM) | 4.8 | Medium | 2026-01-15 |
| CVE-2026-20076 | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability — Cisco Identity Services Engine Software | 4.8 | Medium | 2026-01-15 |
| CVE-2026-22867 | LaSuite Doc affected by Stored XSS via Interlinking Block — docs | 8.7 | High | 2026-01-15 |
| CVE-2021-47843 | Tagstoo 2.0.1 - Stored XSS to RCE — Tagstoo | 5.4 | Medium | 2026-01-15 |
| CVE-2021-47769 | Isshue Shopping Cart 3.5 - 'Title' Cross Site Scripting (XSS) — Isshue Shopping Cart | 4.8 | Medium | 2026-01-15 |
| CVE-2021-47768 | ImportExportTools NG 10.0.4 - HTML Injection — ImportExportTools NG | 6.1 | Medium | 2026-01-15 |
| CVE-2026-22919 | SICK TDC-X401GL security vulnerability — TDC-X401GL | 3.8 | Low | 2026-01-15 |
| CVE-2026-22913 | SICK TDC-X401GL security vulnerability — TDC-X401GL | 4.3 | Medium | 2026-01-15 |
| CVE-2025-14448 | WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields — WP-Members Membership Plugin | 5.4 | Medium | 2026-01-15 |
| CVE-2026-0601 | Nexus Repository 3 - Cross-Site Scripting — Nexus Repository | 6.1 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2025-11224 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 7.7 | High | 2026-01-14 |
| CVE-2025-14557 | XSS in Drupal 7 Facebook Pixel Module — Facebook Pixel | 6.1 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2025-14556 | XSS in Drupal 7 Flag Module — Flag | 6.1 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2025-71166 | Typesetter CMS Reflected XSS via Move Message Handling — Typesetter | 5.4 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2025-71165 | Typesetter CMS Reflected XSS via Status.php — Typesetter | 5.4 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2025-71164 | Typesetter CMS Reflected XSS via Editing.php — Typesetter | 5.4 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2026-23497 | Frappe LMS has a Stored XSS via Unsanitized Image Filename in Course and Jobs Pages — lms | 5.4 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2026-22787 | html2pdf.js has a cross-site scripting vulnerability — html2pdf.js | 6.1 (AI) | Medium (AI) | 2026-01-14 |
| CVE-2026-0741 | Electric Studio Download Counter <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters — Electric Studio Download Counter | 4.4 | Medium | 2026-01-14 |
| CVE-2026-0734 | WP Allowed Hosts <= 1.0.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'allowed-hosts' Parameter — WP Allowed Hosts | 4.4 | Medium | 2026-01-14 |
| CVE-2026-0813 | Short Link <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Administration Settings Page — Short Link | 4.4 | Medium | 2026-01-14 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21519 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.