CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21489

21489 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5810 | SourceCodester Sales and Inventory System GET Parameter delete.php cross site scripting — Sales and Inventory System | 3.5 | Low | 2026-04-08 |
| CVE-2026-40028 | Hayabusa < 3.8.0 XSS via JSON Log Import — hayabusa | 5.4 | Medium | 2026-04-08 |
| CVE-2026-5808 | openstatusHQ openstatus Onboarding Endpoint client.tsx cross site scripting — openstatus | 4.3 | Medium | 2026-04-08 |
| CVE-2026-5711 | Post Blocks & Tools <= 1.3.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'sliderStyle' Block Attribute — Post Blocks & Tools | 6.4 | Medium | 2026-04-08 |
| CVE-2026-5806 | code-projects Easy Blog Site update.php cross site scripting — Easy Blog Site | 3.5 | Low | 2026-04-08 |
| CVE-2026-5451 | Extensions for Leaflet Map <= 4.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'elevation-track' Shortcode — Extensions for Leaflet Map | 6.4 | Medium | 2026-04-08 |
| CVE-2026-39416 | Stored XSS in modal item preview for long item content in AIL Framework — ail-framework | 5.4 AI | Medium AI | 2026-04-08 |
| CVE-2026-35455 | immich has Stored XSS via OCR Text in 360° Panorama Viewer — immich | 7.3 | High | 2026-04-08 |
| CVE-2026-35403 | LORIS has potential cross-site scripting in survey_accounts module — Loris | 6.5 | Medium | 2026-04-08 |
| CVE-2026-35169 | LORIS has potential cross-site scripting in help_editor module — Loris | 8.7 | High | 2026-04-08 |
| CVE-2026-39392 | CI4MS has Stored XSS in Pages Content Due to Missing html_purify Sanitization — ci4ms | 5.5 | Medium | 2026-04-08 |
| CVE-2026-39391 | CI4MS has Stored XSS via Unescaped Blacklist Note in Admin User List — ci4ms | 4.8 | Medium | 2026-04-08 |
| CVE-2026-39390 | CI4MS has Stored XSS via srcdoc attribute bypass in Google Maps iframe setting — ci4ms | 5.5 | Medium | 2026-04-08 |
| CVE-2026-2509 | Page Builder: Pagelayer <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget Custom Attributes — Page Builder: Pagelayer – Drag and Drop website builder | 6.4 | Medium | 2026-04-08 |
| CVE-2026-5301 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in coolercontrol-ui — coolercontrol-ui | 7.6 | High | 2026-04-08 |
| CVE-2026-2481 | Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'settings[js]' — Beaver Builder Page Builder – Drag and Drop Website Builder | 6.4 | Medium | 2026-04-08 |
| CVE-2026-4300 | Robo Gallery <= 5.1.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'Loading Label' Setting — Robo Gallery – Photo & Image Slider | 6.4 | Medium | 2026-04-08 |
| CVE-2026-4025 | PrivateContent Free <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' Shortcode Attribute — PrivateContent Free | 6.4 | Medium | 2026-04-08 |
| CVE-2026-4303 | WP Visitor Statistics (Real Time Traffic) <= 8.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'height' Shortcode Attribute — WP Visitor Statistics (Real Time Traffic) | 6.4 | Medium | 2026-04-08 |
| CVE-2026-4073 | pdfl.io <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute — pdfl.io | 6.4 | Medium | 2026-04-08 |
| CVE-2026-39708 | WordPress UiCore Elements plugin <= 1.3.14 - Cross Site Scripting (XSS) vulnerability — UiCore Elements | 5.4 AI | Medium AI | 2026-04-08 |
| CVE-2026-39702 | WordPress Animation Addons for Elementor plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability — Animation Addons for Elementor | 6.1 AI | Medium AI | 2026-04-08 |
| CVE-2026-39703 | WordPress WPBITS Addons For Elementor Page Builder plugin <= 1.8.1 - Cross Site Scripting (XSS) vulnerability — WPBITS Addons For Elementor Page Builder | 5.4 AI | Medium AI | 2026-04-08 |
| CVE-2026-39696 | WordPress Elfsight WhatsApp Chat CC plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability — Elfsight WhatsApp Chat CC | 6.1 AI | Medium AI | 2026-04-08 |
| CVE-2026-39693 | WordPress FSM Custom Featured Image Caption plugin <= 1.25.1 - Cross Site Scripting (XSS) vulnerability — FSM Custom Featured Image Caption | 6.1 AI | Medium AI | 2026-04-08 |
| CVE-2026-39692 | WordPress tagDiv Composer plugin <= 5.4.3 - Cross Site Scripting (XSS) vulnerability — tagDiv Composer | 5.4 AI | Medium AI | 2026-04-08 |
| CVE-2026-39683 | WordPress Garden Gnome Package plugin <= 2.4.1 - Cross Site Scripting (XSS) vulnerability — Garden Gnome Package | 6.1 AI | Medium AI | 2026-04-08 |
| CVE-2026-39674 | WordPress MK Google Directions plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability — MK Google Directions | 6.1 AI | Medium AI | 2026-04-08 |
| CVE-2026-39667 | WordPress Korea SNS plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability — Korea SNS | 6.1 AI | Medium AI | 2026-04-08 |
| CVE-2026-39665 | WordPress SEO Friendly Images plugin <= 3.0.5 - Cross Site Scripting (XSS) vulnerability — SEO Friendly Images | 6.1 AI | Medium AI | 2026-04-08 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21489 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.