CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21489

21489 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-4341 | Prime Slider <= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter — Prime Slider – Addons for Elementor | 6.4 | Medium | 2026-04-08 |
| CVE-2026-4333 | LearnPress <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 6.4 | Medium | 2026-04-08 |
| CVE-2026-2988 | Blubrry PowerPress <= 11.15.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via powerpress and podcast Shortcodes — PowerPress Podcasting plugin by Blubrry | 6.4 | Medium | 2026-04-08 |
| CVE-2026-4379 | LightPress Lightbox <= 2.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'group' Shortcode Attribute — LightPress Lightbox | 6.4 | Medium | 2026-04-08 |
| CVE-2026-4406 | Gravity Forms <= 2.9.30 - Reflected Cross-Site Scripting via 'form_ids' Parameter — Gravity Forms | 4.7 | Medium | 2026-04-07 |
| CVE-2026-4394 | Gravity Forms <= 2.9.30 - Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' Sub-Field — Gravity Forms | 6.1 | Medium | 2026-04-07 |
| CVE-2026-39936 | Stored XSS in Score due to usage of non-reserved data attributes — Mediawiki - Score Extension | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39935 | XSS-via-i18n in localised wiki names — Mediawiki - CampaignEvents Extension | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39933 | Multiple XSS vulnerabilities in GlobalWatchlist — Mediawiki - GlobalWatchlist Extension | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39846 | SiYuan affected by Remote Code Execution in the Electron desktop client via stored XSS in synced table captions — siyuan | 9.1 | Critical | 2026-04-07 |
| CVE-2026-32712 | Open Source Point of Sale has Stored XSS in Customer Name (Sales) — opensourcepos | 5.4 | Medium | 2026-04-07 |
| CVE-2026-39400 | Stored XSS via Job HTML/Table Output in Cronicle — Cronicle | 5.4 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39380 | Open Source Point of Sale has Stored XSS in Stock Location (Configuration) — opensourcepos | 5.4 | Medium | 2026-04-07 |
| CVE-2026-39840 | CSS injection in multiple Cargo display formats — Mediawiki - Cargo Extension | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39367 | WWBN AVideo has Stored XSS via Malicious EPG XML Program Titles in AVideo EPG Page — AVideo | 5.4 | Medium | 2026-04-07 |
| CVE-2026-39838 | ProofreadPage improperly sanitizes multiline styles using Sanitizer::checkCSS — MediaWiki - ProofreadPage Extension | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39338 | ChurchCRM has Blind XSS via Global Search – Administrative Cookie Session Exfiltration — CRM | 5.4 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39336 | ChurchCRM has Stored XSS from unescaped config values in HTML attributes — CRM | 6.1 | Medium | 2026-04-07 |
| CVE-2026-39333 | ChurchCRM has Reflected XSS in DateStart/DateEnd parameters in FindFundRaiser.php — CRM | 8.7 | High | 2026-04-07 |
| CVE-2026-39332 | ChurchCRM has Reflected Cross-Site Scripting (XSS) in GeoPage.php — CRM | 8.7 | High | 2026-04-07 |
| CVE-2026-39328 | ChurchCRM has Stored XSS in Social Profile Fields — CRM | 8.9 | High | 2026-04-07 |
| CVE-2026-39335 | ChurchCRM has Stored XSS via Unescaped data-* Attributes in Group/Family Controls — CRM | 6.1 | Medium | 2026-04-07 |
| CVE-2026-35576 | ChurchCRM has Stored Cross-Site Scripting (XSS) in Person Properties via PrintView.php — CRM | 8.7 | High | 2026-04-07 |
| CVE-2026-35575 | ChurchCRM has Stored XSS in Group Name — CRM | 8.0 | High | 2026-04-07 |
| CVE-2026-35574 | ChurchCRM has a Stored XSS in Person Profile - Add a Note — CRM | 7.3 | High | 2026-04-07 |
| CVE-2026-35608 | QuickDrop has stored XSS in SVG file preview endpoint allowing JavaScript execution — quickdrop | 5.4 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-35534 | ChurchCRM has Stored XSS in PersonView.php via Facebook Field Attribute Injection — CRM | 7.6 | High | 2026-04-07 |
| CVE-2026-35571 | Emissary has Stored XSS via Navigation Template Link Injection — emissary | 4.8 | Medium | 2026-04-07 |
| CVE-2026-33865 | Stored XSS via unsafe YAML parsing in MLflow — Mlflow | 5.4 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-3466 | Cross-site scripting in dashlet title — Checkmk | 5.4 (AI) | Medium (AI) | 2026-04-07 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21489 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.