
CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21492

21492 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-4388 | Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | 7.2 | High | 2026-04-14 |
| CVE-2026-39426 | MaxKB: Stored XSS via Unsanitized iframe_render Parsing — MaxKB | 5.4 | - | 2026-04-14 |
| CVE-2026-39423 | Stored XSS via Eval Injection in EchartsRander Component — MaxKB | 5.4 | - | 2026-04-14 |
| CVE-2026-39422 | MaxKB has Stored XSS via ChatHeadersMiddleware — MaxKB | 5.4 | - | 2026-04-14 |
| CVE-2026-27683 | Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence Platform | 4.1 | Medium | 2026-04-14 |
| CVE-2026-0512 | Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog) — SAP Supplier Relationship Management (SICF Handler in SRM Catalog) | 6.1 | Medium | 2026-04-14 |
| CVE-2026-6218 | aandrew-me ytDownloader Error Details Panel createTextNode cross site scripting — ytDownloader | 4.3 | Medium | 2026-04-13 |
| CVE-2026-6216 | DbGate SVG Icon String FontIcon.svelte cross site scripting — DbGate | 3.5 | Low | 2026-04-13 |
| CVE-2026-40038 | Pachno 1.0.6 Stored Cross-Site Scripting via Multiple Parameters — Pachno | 7.2 | High | 2026-04-13 |
| CVE-2026-23891 | Decidim has a Cross-site scripting (XSS) vulnerability via user name field — decidim | 8.0 | - | 2026-04-13 |
| CVE-2026-30812 | Stored Cross-Site Scripting in Event Comments via Filter Bypass — Pandora FMS | 6.1 | - | 2026-04-13 |
| CVE-2026-6184 | code-projects Simple Content Management System welcome.php cross site scripting — Simple Content Management System | 2.4 | Low | 2026-04-13 |
| CVE-2026-2728 | LibreNMS security vulnerability — librenms | 4.8 | - | 2026-04-13 |
| CVE-2025-15632 | 1Panel-dev MaxKB MdPreview chat.ts cross site scripting — MaxKB | 3.5 | Low | 2026-04-13 |
| CVE-2026-35565 | Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI — Apache Storm UI | 5.4 | - | 2026-04-13 |
| CVE-2026-6162 | PHPGurukul Company Visitor Management System bwdates-reports-details.php cross site scripting — Company Visitor Management System | 3.5 | Low | 2026-04-13 |
| CVE-2026-6159 | code-projects Simple ChatBox Endpoint insert.php cross site scripting — Simple ChatBox | 4.3 | Medium | 2026-04-13 |
| CVE-2026-6179 | Stored Cross Site Scripting in NightWolf Penetration Testing Platform — NightWolf Penetration Testing Platform | 5.4 | - | 2026-04-13 |
| CVE-2026-6150 | code-projects Simple Laundry System checkupdatestatus.php cross site scripting — Simple Laundry System | 4.3 | Medium | 2026-04-13 |
| CVE-2017-20239 | MDwiki Cross-Site Scripting via Location Hash Parameter — MDwiki | 6.1 | Medium | 2026-04-12 |
| CVE-2026-1116 | Cross-site Scripting (XSS) in parisneo/lollms — parisneo/lollms | 5.4 AI | Medium AI | 2026-04-12 |
| CVE-2026-6107 | 1Panel-dev MaxKB ChatHeadersMiddleware chat_headers_middleware.py cross site scripting — MaxKB | 3.5 | Low | 2026-04-12 |
| CVE-2026-6106 | 1Panel-dev MaxKB Public Chat static_headers_middleware.py StaticHeadersMiddleware cross site scripting — MaxKB | 3.5 | Low | 2026-04-11 |
| CVE-2026-31845 | Rukovoditel CRM security vulnerability — Rukovoditel CRM | 9.3 | Critical | 2026-04-11 |
| CVE-2026-23900 | Extension - phoca.cz - Stored XSS vectors in Phoca Maps component 5.0.0 - 6.0.2 for Joomla — phoca.cz - Phoca Maps for Joomla | 5.4 | - | 2026-04-11 |
| CVE-2026-3498 | BlockArt Blocks <= 2.2.15 - Authenticated (Author+) Stored Cross-Site Scripting via 'clientId' Block Attribute — BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | 6.4 | Medium | 2026-04-11 |
| CVE-2026-4895 | Greenshift <= 12.8.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via disablelazy Attribute — Greenshift – animation and page builder blocks | 6.4 | Medium | 2026-04-11 |
| CVE-2026-5217 | Optimole <= 4.2.2 - Unauthenticated Stored Cross-Site Scripting via Srcset Descriptor Parameter — Optimole – Optimize Images in Real Time | 7.2 | High | 2026-04-11 |
| CVE-2026-5226 | Optimole <= 4.2.3 - Reflected Cross-Site Scripting via Page Profiler URL — Optimole – Optimize Images in Real Time | 6.1 | Medium | 2026-04-11 |
| CVE-2026-32893 | Chamilo LMS has Reflected XSS via Unsanitized http_build_query() in Exercise Question List Pagination — chamilo-lms | 5.4 | Medium | 2026-04-10 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21492 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.