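CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21506

21506 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.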

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34951 | Reflected XSS in footer.php in Workbench Allows Attackers to Hijack Authenticated Sessions — forceworkbench | 6.1 (AI) | Medium (AI) | 2026-04-06 |
| CVE-2026-33405 | Pi-hole has a Stored HTML Injection in queries.js — web | 3.1 | Low | 2026-04-06 |
| CVE-2026-34897 | WordPress Media LIbrary Assistant plugin <= 3.34 - Cross Site Scripting (XSS) vulnerability — Media LIbrary Assistant | 6.5 | Medium | 2026-04-06 |
| CVE-2026-33406 | Pi-hole has a Stored HTML attribute injection — web | 5.4 | Medium | 2026-04-06 |
| CVE-2026-33404 | Pi-hole has a Stored XSS / HTML injection in the Network page/Dashboard — web | 3.4 | Low | 2026-04-06 |
| CVE-2026-33403 | Pi-hole has a Reflected XSS / HTML injection in taillog.js — web | 6.1 | Medium | 2026-04-06 |
| CVE-2026-26027 | GLPI has an Unauthenticated Stored XSS via inventory — glpi | 7.5 | High | 2026-04-06 |
| CVE-2026-5647 | code-projects Online Shoe Store Add Product admin_feature.php cross site scripting — Online Shoe Store | 2.4 | Low | 2026-04-06 |
| CVE-2026-5644 | Cyber-III Student-Management-System batch-notice.php cross site scripting — Student-Management-System | 2.4 | Low | 2026-04-06 |
| CVE-2026-5643 | Cyber-III Student-Management-System Admin Add Endpoint notice.php cross site scripting — Student-Management-System | 2.4 | Low | 2026-04-06 |
| CVE-2026-5630 | assafelovic gpt-researcher Report API app.py cross site scripting — gpt-researcher | 4.3 | Medium | 2026-04-06 |
| CVE-2026-5625 | assafelovic gpt-researcher WebSocket researcher.py cross site scripting — gpt-researcher | 4.3 | Medium | 2026-04-06 |
| CVE-2026-5615 | givanz Vvvebjs File Upload Endpoint upload.php cross site scripting — Vvvebjs | 4.3 | Medium | 2026-04-06 |
| CVE-2019-25676 | Ask Expert Script 3.0.5 Cross Site Scripting SQL Injection — Ask Expert Script | 8.2 | High | 2026-04-05 |
| CVE-2026-5568 | Akaunting Invoice/Billing cross site scripting — Akaunting | 3.5 | Low | 2026-04-05 |
| CVE-2026-5542 | code-projects Simple Laundry System Parameter modstaffinfo.php cross site scripting — Simple Laundry System | 4.3 | Medium | 2026-04-05 |
| CVE-2026-5541 | code-projects Simple Laundry System Parameter modmemberinfo.php cross site scripting — Simple Laundry System | 4.3 | Medium | 2026-04-05 |
| CVE-2026-5539 | code-projects Simple Laundry System Parameter modifymember.php cross site scripting — Simple Laundry System | 4.3 | Medium | 2026-04-05 |
| CVE-2026-5533 | badlogic pi-mono SVG Artifact SvgArtifact.ts cross site scripting — pi-mono | 4.3 | Medium | 2026-04-05 |
| CVE-2016-20054 | Nodcms Cross Site Request Forgery via admin endpoints — nodCMS | 4.3 | Medium | 2026-04-04 |
| CVE-2018-25250 | MyBB Last User's Threads in Profile Plugin 1.2 Persistent XSS — MyBB Last User's Threads in Profile Plugin | 7.2 | High | 2026-04-04 |
| CVE-2018-25249 | MyBB My Arcade Plugin 1.3 Persistent XSS via Comment — MyBB My Arcade Plugin | 6.4 | Medium | 2026-04-04 |
| CVE-2018-25248 | MyBB Downloads Plugin 2.0.3 Persistent XSS via downloads.php — MyBB Downloads Plugin | 7.2 | High | 2026-04-04 |
| CVE-2018-25247 | MyBB Like Plugin 3.0.0 Cross-Site Scripting via User Profiles — MyBB Like Plugin | 6.1 | Medium | 2026-04-04 |
| CVE-2026-2936 | Visitor Traffic Real Time Statistics <= 8.4 - Unauthenticated Stored Cross-Site Scripting — Visitor Traffic Real Time Statistics | 7.2 | High | 2026-04-04 |
| CVE-2026-0626 | WPFunnels <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode — WPFunnels – Funnel Builder for WooCommerce with Checkout & One Click Upsell | 6.4 | Medium | 2026-04-04 |
| CVE-2026-2437 | WP Travel Engine - Travel and Tour Booking Plugin <= 6.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via wte_trip_tax Shortcode — WP Travel Engine – Tour Booking Plugin – Tour Operator Software | 6.4 | Medium | 2026-04-04 |
| CVE-2026-5425 | Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data — Widgets for Social Photo Feed | 7.2 | High | 2026-04-04 |
| CVE-2025-13368 | Xpro Addons — 140+ Widgets for Elementor <= 1.4.20 - Authenticated (Contributor+) Stored Cross-Site Scripting — Xpro Addons — 140+ Widgets for Elementor | 6.4 | Medium | 2026-04-04 |
| CVE-2026-0737 | Shortcodes Ultimate <= 7.4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'su_lightbox' Shortcode — WP Shortcodes Plugin — Shortcodes Ultimate | 6.4 | Medium | 2026-04-04 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21506 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.