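CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21506

21506 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.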

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5319 | itsourcecode Payroll Management System navbar.php cross site scripting — Payroll Management System | 4.3 | Medium | 2026-04-02 |
| CVE-2026-34571 | CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise — ci4ms | 10.0 | Critical | 2026-04-01 |
| CVE-2026-34569 | CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 10.0 | Critical | 2026-04-01 |
| CVE-2026-34568 | CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 9.1 | Critical | 2026-04-01 |
| CVE-2026-34567 | CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 9.1 | Critical | 2026-04-01 |
| CVE-2026-34566 | CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 9.1 | Critical | 2026-04-01 |
| CVE-2026-34565 | CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 9.1 | Critical | 2026-04-01 |
| CVE-2026-34564 | CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 9.1 | Critical | 2026-04-01 |
| CVE-2026-34563 | CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS — ci4ms | 9.1 | Critical | 2026-04-01 |
| CVE-2026-34562 | CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 4.7 | Medium | 2026-04-01 |
| CVE-2026-34561 | CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 4.7 | Medium | 2026-04-01 |
| CVE-2026-34560 | CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 9.1 | Critical | 2026-04-01 |
| CVE-2026-34559 | CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS — ci4ms | 9.1 | Critical | 2026-04-01 |
| CVE-2026-34530 | File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injection — filebrowser | 6.9 | Medium | 2026-04-01 |
| CVE-2026-34529 | File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file — filebrowser | 7.6 | High | 2026-04-01 |
| CVE-2026-4364 | Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access — Verify Identity Access Container | 5.4 | Medium | 2026-04-01 |
| CVE-2026-34748 | @payloadcms/next has Stored XSS in Admin Panel — payload | 8.7 | High | 2026-04-01 |
| CVE-2026-20090 | Cisco Integrated Management Controller Cross-Site Scripting Vulnerability — Cisco Enterprise NFV Infrastructure Software | 4.8 | Medium | 2026-04-01 |
| CVE-2026-20089 | Cisco Integrated Management Controller Cross-Site Scripting Vulnerability — Cisco Enterprise NFV Infrastructure Software | 4.8 | Medium | 2026-04-01 |
| CVE-2026-20087 | Cisco Integrated Management Controller Cross-Site Scripting Vulnerability — Cisco Enterprise NFV Infrastructure Software | 4.8 | Medium | 2026-04-01 |
| CVE-2026-20088 | Cisco Integrated Management Controller Cross-Site Scripting Vulnerability — Cisco Enterprise NFV Infrastructure Software | 4.8 | Medium | 2026-04-01 |
| CVE-2026-20085 | Cisco Integrated Management Controller Cross-Site Scripting Vulnerability — Cisco Enterprise NFV Infrastructure Software | 6.1 | Medium | 2026-04-01 |
| CVE-2026-33978 | Notesnook: Stored XSS in mobile share editor via unescaped web clip title metadata — notesnook | 5.4 | Medium | 2026-04-01 |
| CVE-2025-13535 | King Addons for Elementor <= 51.1.38 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Multiple Widgets — King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder | 6.4 | Medium | 2026-04-01 |
| CVE-2026-3877 | Reflected Cross-Site Scripting in Dashboard Search — VertiGIS FM | 6.1 AI | Medium AI | 2026-04-01 |
| CVE-2026-21631 | Joomla! Core - [20260303] - XSS vector in com_associations comparison view — Joomla! CMS | 6.1 AI | Medium AI | 2026-04-01 |
| CVE-2026-21632 | Joomla! Core - [20260304] - XSS vectors in various article title outputs — Joomla! CMS | 5.4 AI | Medium AI | 2026-04-01 |
| CVE-2026-34889 | WordPress Ultimate Addons for WPBakery Page Builder plugin < 3.21.4 - Cross Site Scripting (XSS) vulnerability — Ultimate Addons for WPBakery Page Builder | 6.5 | Medium | 2026-04-01 |
| CVE-2026-5255 | code-projects Simple Laundry System Parameter delstaffinfo.php cross site scripting — Simple Laundry System | 4.3 | Medium | 2026-04-01 |
| CVE-2026-5254 | welovemedia FFmate Webhook AppJsonTreeView.vue cross site scripting — FFmate | 3.5 | Low | 2026-04-01 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21506 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.