CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21489

21489 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4420 | Stored XSS via Page Creating functionality in Bludit — Bludit | 5.4 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-5705 | code-projects Online Hotel Booking Booking Endpoint booknow.php cross site scripting — Online Hotel Booking | 4.3 | Medium | 2026-04-06 |
| CVE-2026-22675 | OCS Inventory NG Server Stored XSS via User-Agent — OCS Inventory NG Server | 5.4 | Medium | 2026-04-06 |
| CVE-2026-35399 | WeGIA has Stored XSS in backup file names — WeGIA | 5.4 (AI) | Medium (AI) | 2026-04-06 |
| CVE-2026-35390 | Content-Security-Policy was set to Report-Only mode, failing to block XSS attacks — webmail | 5.4 (AI) | Medium (AI) | 2026-04-06 |
| CVE-2026-35208 | lichess.org has an Unsanitized Stream Title Injection on /streamer — lila | 5.4 (AI) | Medium (AI) | 2026-04-06 |
| CVE-2026-35166 | Hugo does not properly escape some Markdown links — hugo | 6.4 | - | 2026-04-06 |
| CVE-2026-35052 | D-Tale affected by Remote Code Execution through redis/shelf storage — dtale | 9.8 (AI) | Critical (AI) | 2026-04-06 |
| CVE-2026-35046 | Tandoor has a Stored CSS Injection via <style> Tag in Recipe Instructions (API-Level) — recipes | 5.4 | Medium | 2026-04-06 |
| CVE-2026-5671 | Cyber-III Student-Management-System Class Schedule Deletion Endpoint delete_batch.php cross site scripting — Student-Management-System | 4.3 | Medium | 2026-04-06 |
| CVE-2026-35035 | CI4MS Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS — ci4ms | 7.2 | High | 2026-04-06 |
| CVE-2026-34989 | CI4MS affected by Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 5.4 (AI) | Medium (AI) | 2026-04-06 |
| CVE-2026-5668 | Cyber-III Student-Management-System add%20notice.php cross site scripting — Student-Management-System | 2.4 | Low | 2026-04-06 |
| CVE-2026-34951 | Reflected XSS in footer.php in Workbench Allows Attackers to Hijack Authenticated Sessions — forceworkbench | 6.1 (AI) | Medium (AI) | 2026-04-06 |
| CVE-2026-33405 | Pi-hole has a Stored HTML Injection in queries.js — web | 3.1 | Low | 2026-04-06 |
| CVE-2026-34897 | WordPress Media LIbrary Assistant plugin <= 3.34 - Cross Site Scripting (XSS) vulnerability — Media LIbrary Assistant | 6.5 | Medium | 2026-04-06 |
| CVE-2026-33406 | Pi-hole has a Stored HTML attribute injection — web | 5.4 | Medium | 2026-04-06 |
| CVE-2026-33404 | Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard — web | 3.4 | Low | 2026-04-06 |
| CVE-2026-33403 | Pi-hole has a Reflected XSS / HTML injection in taillog.js — web | 6.1 | Medium | 2026-04-06 |
| CVE-2026-26027 | GLPI has an Unauthenticated Stored XSS via inventory — glpi | 7.5 | High | 2026-04-06 |
| CVE-2026-5647 | code-projects Online Shoe Store Add Product admin_feature.php cross site scripting — Online Shoe Store | 2.4 | Low | 2026-04-06 |
| CVE-2026-5644 | Cyber-III Student-Management-System batch-notice.php cross site scripting — Student-Management-System | 2.4 | Low | 2026-04-06 |
| CVE-2026-5643 | Cyber-III Student-Management-System Admin Add Endpoint notice.php cross site scripting — Student-Management-System | 2.4 | Low | 2026-04-06 |
| CVE-2026-5630 | assafelovic gpt-researcher Report API app.py cross site scripting — gpt-researcher | 4.3 | Medium | 2026-04-06 |
| CVE-2026-5625 | assafelovic gpt-researcher WebSocket researcher.py cross site scripting — gpt-researcher | 4.3 | Medium | 2026-04-06 |
| CVE-2026-5615 | givanz Vvvebjs File Upload Endpoint upload.php cross site scripting — Vvvebjs | 4.3 | Medium | 2026-04-06 |
| CVE-2019-25676 | Ask Expert Script 3.0.5 Cross Site Scripting SQL Injection — Ask Expert Script | 8.2 | High | 2026-04-05 |
| CVE-2026-5568 | Akaunting Invoice/Billing cross site scripting — Akaunting | 3.5 | Low | 2026-04-05 |
| CVE-2026-5542 | code-projects Simple Laundry System Parameter modstaffinfo.php cross site scripting — Simple Laundry System | 4.3 | Medium | 2026-04-05 |
| CVE-2026-5541 | code-projects Simple Laundry System Parameter modmemberinfo.php cross site scripting — Simple Laundry System | 4.3 | Medium | 2026-04-05 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21489 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.