CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21506

21506 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-0552 | Simple Shopping Cart <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsc_display_product' Shortcode — Simple Shopping Cart | 6.4 | Medium | 2026-04-04 |
| CVE-2026-0738 | Shortcodes Ultimate <= 7.4.8 - authenticated (Contributor+) Stored Cross-Site Scripting via 'su_carousel' Shortcode — WP Shortcodes Plugin — Shortcodes Ultimate | 6.4 | Medium | 2026-04-04 |
| CVE-2026-0664 | Royal Elementor Addons <= 1.7.1049 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API Meta Bypass — Royal Addons for Elementor – Addons and Templates Kit for Elementor | 6.4 | Medium | 2026-04-04 |
| CVE-2026-2600 | ElementsKit Elementor Addons and Templates <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Simple Tab Widget — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | 6.4 | Medium | 2026-04-04 |
| CVE-2025-15064 | Ultimate Member <= 2.11.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via DOM Gadgets — Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | 6.4 | Medium | 2026-04-04 |
| CVE-2026-2949 | Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Icon Box Widget — Xpro Addons — 140+ Widgets for Elementor | 6.4 | Medium | 2026-04-04 |
| CVE-2026-2924 | Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem <= 3.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'imageLoad' — Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem | 6.4 | Medium | 2026-04-04 |
| CVE-2026-34229 | Emlog: Stored XSS in Comment Module via URI Scheme Validation Bypass — emlog | 6.1 | Medium | 2026-04-03 |
| CVE-2026-35218 | Budibase: Stored XSS via unsanitized entity names rendered with {@html} in Builder Command Palette — budibase | 8.7 | High | 2026-04-03 |
| CVE-2026-5468 | Casdoor dangerouslySetInnerHTML cross site scripting — Casdoor | 3.5 | Low | 2026-04-03 |
| CVE-2026-27655 | Stored XSS Vulnerability — ManageEngine Exchange Reporter Plus | 7.3 | High | 2026-04-03 |
| CVE-2026-4108 | Stored XSS Vulnerability — ManageEngine Exchange Reporter Plus | 7.3 | High | 2026-04-03 |
| CVE-2026-4107 | Stored XSS Vulnerability — ManageEngine Exchange Reporter Plus | 7.3 | High | 2026-04-03 |
| CVE-2026-3880 | Stored XSS Vulnerability — ManageEngine Exchange Reporter Plus | 7.3 | High | 2026-04-03 |
| CVE-2026-3879 | Stored XSS Vulnerability — ManageEngine Exchange Reporter Plus | 7.3 | High | 2026-04-03 |
| CVE-2026-28703 | Stored XSS Vulnerability — ManageEngine Exchange Reporter Plus | 7.3 | High | 2026-04-03 |
| CVE-2026-28756 | Stored XSS Vulnerability — ManageEngine Exchange Reporter Plus | 7.3 | High | 2026-04-03 |
| CVE-2026-28754 | Stored XSS Vulnerability — ManageEngine Exchange Reporter Plus | 7.3 | High | 2026-04-03 |
| CVE-2026-35539 | Roundcube Webmail cross-site scripting vulnerability — Webmail | 6.1 | Medium | 2026-04-03 |
| CVE-2026-35508 | shynet cross-site scripting vulnerability — Shynet | 5.4 | Medium | 2026-04-03 |
| CVE-2026-35466 | Stored XSS via unsanitized input from remote service — cveClient/cveInterface.js | 6.1 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34848 | hoppscotch: Stored XSS in team member overflow tooltip via display name — hoppscotch | 5.4 | Medium | 2026-04-02 |
| CVE-2026-34932 | hoppscotch: Stored XSS via mock server responses on backend origin — hoppscotch | 8.1 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-5429 | Kiro IDE Webview Cross-Site Scripting via Workspace Color Theme — Kiro IDE | 7.8 | High | 2026-04-02 |
| CVE-2026-34606 | Stored XSS in Frappe LMS — lms | 5.4 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-34598 | YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter" — yeswiki | 6.1 (AI) | Medium (AI) | 2026-04-02 |
| CVE-2026-5370 | krayin laravel-crm Activities Module/Notes inbox.spec.ts composeMail cross site scripting — laravel-crm | 3.5 | Low | 2026-04-02 |
| CVE-2026-34974 | phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding leads to Stored XSS and Privilege Escalation — phpMyFAQ | 5.4 | Medium | 2026-04-02 |
| CVE-2026-34729 | phpMyFAQ: Stored XSS via Regex Bypass in Filter::removeAttributes() — phpMyFAQ | 6.1 | Medium | 2026-04-02 |
| CVE-2026-34823 | Endian Firewall /manage/password/web/ remark Stored Cross-Site Scripting — Endian Firewall | 6.4 | Medium | 2026-04-02 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21506 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.