
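CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21519

21519 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.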

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-0499 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal — SAP NetWeaver Enterprise Portal | 6.1 | Medium | 2026-01-13 |
| CVE-2026-22813 | Malicious website can execute commands on the local system through XSS in the OpenCode web UI — opencode | 6.1 (AI) | Medium (AI) | 2026-01-12 |
| CVE-2026-22033 | Label Studio vulnerable to full account takeover by chaining Stored XSS + IDOR in User Profile via custom_hotkeys field — label-studio | 5.4 (AI) | Medium (AI) | 2026-01-12 |
| CVE-2025-41003 | Multiple vulnerabilities in Imaster products Open configuration options — Patient Record Management System | 5.4 (AI) | Medium (AI) | 2026-01-12 |
| CVE-2025-40978 | Multiple vulnerabilities in WorkDo products — eCommerceGo SaaS | 5.4 (AI) | Medium (AI) | 2026-01-12 |
| CVE-2025-40977 | Multiple vulnerabilities in WorkDo products — eCommerceGo SaaS | 5.4 (AI) | Medium (AI) | 2026-01-12 |
| CVE-2025-40976 | Multiple vulnerabilities in WorkDo products — TicketGo | 5.4 (AI) | Medium (AI) | 2026-01-12 |
| CVE-2025-40975 | Multiple vulnerabilities in WorkDo products — HRMGo | 5.4 (AI) | Medium (AI) | 2026-01-12 |
| CVE-2025-69268 | Spectrum reflected XSS — DX NetOps Spectrum | 6.1 (AI) | Medium (AI) | 2026-01-12 |
| CVE-2025-15505 | Luxul XWR-600 Web Administration cross site scripting — XWR-600 | 2.4 | Low | 2026-01-11 |
| CVE-2026-0824 | questdb ui Web Console cross site scripting — ui | 3.5 | Low | 2026-01-10 |
| CVE-2025-12379 | Shortcodes and extra features for Phlox theme <= 2.17.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Modern Heading Widget — Shortcodes and extra features for Phlox theme | 6.4 | Medium | 2026-01-10 |
| CVE-2025-14555 | Countdown Timer - Widget Countdown <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Countdown Timer – Widget Countdown | 6.4 | Medium | 2026-01-10 |
| CVE-2025-14506 | ConvertForce Popup Builder <= 0.0.7 - Stored Cross-Site Scripting via entrance_animation — ConvertForce Popup Builder | 6.4 | Medium | 2026-01-10 |
| CVE-2026-22704 | HAXcms Has Stored XSS Vulnerability that May Lead to Account Takeover — issues | 8.1 | High | 2026-01-10 |
| CVE-2026-22610 | Angular has XSS Vulnerability via Unsanitized SVG Script Attributes — angular | 6.1 | - | 2026-01-10 |
| CVE-2025-61674 | October CMS Vulnerable to Stored XSS via Editor and Branding Styles — october | 6.1 | Medium | 2026-01-10 |
| CVE-2025-61676 | October CMS Vulnerable to Stored XSS via Branding Styles — october | 6.1 | Medium | 2026-01-10 |
| CVE-2026-22029 | React Router vulnerable to XSS via Open Redirects — react-router | 8.0 | High | 2026-01-10 |
| CVE-2026-21884 | React Router SSR XSS in ScrollRestoration — react-router | 8.2 | High | 2026-01-10 |
| CVE-2025-59057 | React Router has XSS Vulnerability — react-router | 7.6 | High | 2026-01-10 |
| CVE-2026-22198 | GestSup < 3.2.60 Stored XSS in API Error Logs — GestSup | 6.1 | - | 2026-01-09 |
| CVE-2025-11453 | Header and Footer Scripts <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Header and Footer Scripts | 6.4 | Medium | 2026-01-09 |
| CVE-2025-13908 | The Tooltip <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — The Tooltip | 6.4 | Medium | 2026-01-09 |
| CVE-2025-13862 | Menu Card <= 0.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Menu Card | 6.4 | Medium | 2026-01-09 |
| CVE-2025-13892 | MG AdvancedOptions <= 1.2 - Reflected Cross-Site Scripting — MG AdvancedOptions | 6.1 | Medium | 2026-01-09 |
| CVE-2025-13704 | Autogen Headers Menu <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'head_class' Shortcode Parameter — Autogen Headers Menu | 6.4 | Medium | 2026-01-09 |
| CVE-2025-13854 | Curved Text <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Curved Text | 6.4 | Medium | 2026-01-09 |
| CVE-2025-13897 | Client Testimonial Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aft_testimonial_meta_name' Metabox Field — Client Testimonial Slider | 6.4 | Medium | 2026-01-09 |
| CVE-2025-13967 | Woodpecker for WordPress <= 3.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'form_name' Shortcode Attribute — Woodpecker for WordPress | 6.4 | Medium | 2026-01-09 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21519 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.