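CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21493

21493 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.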

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32893 | Chamilo LMS has Reflected XSS via Unsanitized http_build_query() in Exercise Question List Pagination — chamilo-lms | 5.4 | Medium | 2026-04-10 |
| CVE-2026-35600 | Vikunja has HTML Injection via Task Titles in Overdue Email Notifications — vikunja | 5.4 | Medium | 2026-04-10 |
| CVE-2025-58920 | WordPress Cerato theme <= 2.2.18 - Reflected Cross Site Scripting (XSS) vulnerability — Cerato | 7.1 | High | 2026-04-10 |
| CVE-2026-6035 | code-projects Vehicle Showroom Management System ServiceAndSalesReport.php cross site scripting — Vehicle Showroom Management System | 4.3 | Medium | 2026-04-10 |
| CVE-2026-6034 | code-projects Vehicle Showroom Management System ProfitAndLossReport.php cross site scripting — Vehicle Showroom Management System | 4.3 | Medium | 2026-04-10 |
| CVE-2026-6032 | code-projects Simple Laundry System checkcheckout.php cross site scripting — Simple Laundry System | 4.3 | Medium | 2026-04-10 |
| CVE-2026-1115 | Stored XSS in parisneo/lollms — parisneo/lollms | 6.1 (AI) | Medium (AI) | 2026-04-10 |
| CVE-2026-2305 | AddFunc Head & Footer Code <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields — AddFunc Head & Footer Code | 6.4 | Medium | 2026-04-10 |
| CVE-2026-6003 | code-projects Simple IT Discussion Forum user.php cross site scripting — Simple IT Discussion Forum | 2.4 | Low | 2026-04-10 |
| CVE-2026-4305 | Royal WordPress Backup & Restore Plugin <= 1.0.16 - Reflected Cross-Site Scripting via 'wpr_pending_template' Parameter — Royal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites Safely | 6.1 | Medium | 2026-04-10 |
| CVE-2026-1263 | Webling <= 3.9.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'title' Parameter — Webling | 6.4 | Medium | 2026-04-10 |
| CVE-2026-40212 | OpenStack Skyline security vulnerability — Skyline | 5.4 | Medium | 2026-04-10 |
| CVE-2026-21904 | Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script injection — Junos Space | 6.1 | Medium | 2026-04-09 |
| CVE-2026-40112 | PraisonAI has Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency) — PraisonAI | 5.4 | Medium | 2026-04-09 |
| CVE-2023-54364 | Joomla HikaShop 4.7.4 Reflected XSS via Product Filter — Joomla HikaShop | 6.1 | Medium | 2026-04-09 |
| CVE-2023-54363 | Joomla Solidres 2.13.3 Reflected XSS via Multiple Parameters — Joomla Solidres | 6.1 | Medium | 2026-04-09 |
| CVE-2023-54362 | Joomla VirtueMart Shopping-Cart 4.0.12 Reflected XSS via keyword — Cart | 6.1 | Medium | 2026-04-09 |
| CVE-2023-54361 | Joomla iProperty Real Estate 4.1.1 Reflected XSS via filter_keyword — Joomla iProperty Real Estate | 6.1 | Medium | 2026-04-09 |
| CVE-2023-54360 | Joomla JLex Review 6.0.1 Reflected XSS via review_id Parameter — Joomla JLex Review | 6.1 | Medium | 2026-04-09 |
| CVE-2023-54358 | WordPress adivaha Travel Plugin 2.3 Reflected XSS via isMobile — WordPress adivaha Travel Plugin | 6.1 | Medium | 2026-04-09 |
| CVE-2026-39941 | ChurchCRM has an XSS vulnerability — CRM | 6.1 (AI) | Medium (AI) | 2026-04-09 |
| CVE-2026-3005 | List category posts <= 0.94.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'catlist' Shortcode — List category posts | 6.4 | Medium | 2026-04-09 |
| CVE-2026-4336 | Ultimate FAQ Accordion Plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content — Ultimate FAQ Accordion Plugin | 6.4 | Medium | 2026-04-09 |
| CVE-2026-5742 | UsersWP <= 1.2.60 - Authenticated (Subscriber+) Stored Cross-Site Scripting via User Badge Link Substitution — UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | 6.4 | Medium | 2026-04-09 |
| CVE-2026-5836 | code-projects Online Shoe Store admin_product.php cross site scripting — Online Shoe Store | 2.4 | Low | 2026-04-09 |
| CVE-2026-5835 | code-projects Online Shoe Store admin_football.php cross site scripting — Online Shoe Store | 2.4 | Low | 2026-04-09 |
| CVE-2026-5834 | code-projects Online Shoe Store admin_running.php cross site scripting — Online Shoe Store | 2.4 | Low | 2026-04-09 |
| CVE-2026-3574 | Experto Dashboard for WooCommerce <= 1.0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Navigation Font Size' Setting — Experto Dashboard for WooCommerce | 4.4 | Medium | 2026-04-09 |
| CVE-2026-4429 | OSM <= 6.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'marker_name' Shortcode Attribute — OSM – OpenStreetMap | 6.4 | Medium | 2026-04-09 |
| CVE-2026-5357 | Download Manager <= 3.3.52 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Download Manager | 6.4 | Medium | 2026-04-09 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21493 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.