CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21515

21515 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-5255 | code-projects Simple Laundry System Parameter delstaffinfo.php cross site scripting — Simple Laundry System | 4.3 | Medium | 2026-04-01 |
| CVE-2026-5254 | welovemedia FFmate Webhook AppJsonTreeView.vue cross site scripting — FFmate | 3.5 | Low | 2026-04-01 |
| CVE-2026-5253 | bufanyun HotGo editNotice Endpoint MessageList.vue cross site scripting — HotGo | 3.5 | Low | 2026-04-01 |
| CVE-2026-5252 | z-9527 admin Message Create Endpoint message.js cross site scripting — admin | 3.5 | Low | 2026-04-01 |
| CVE-2026-5249 | gougucms Record Endpoint record.html cross site scripting — gougucms | 3.5 | Low | 2026-04-01 |
| CVE-2026-35057 | XenForo Stored Cross-Site Scripting via Structured Text Mentions — XenForo | 6.4 | Medium | 2026-04-01 |
| CVE-2026-35055 | XenForo Cross-Site Scripting via Lightbox in Posts — XenForo | 6.1 | Medium | 2026-04-01 |
| CVE-2026-35054 | XenForo Stored Cross-Site Scripting via BB Code Rendering — XenForo | 6.4 | Medium | 2026-04-01 |
| CVE-2026-5240 | code-projects BloodBank Managing System admin_state.php cross site scripting — BloodBank Managing System | 4.3 | Medium | 2026-03-31 |
| CVE-2026-2480 | WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute — WP Shortcodes Plugin — Shortcodes Ultimate | 6.4 | Medium | 2026-03-31 |
| CVE-2026-34605 | SiYuan: Reflected XSS via SVG namespace prefix bypass in SanitizeSVG ( getDynamicIcon, unauthenticated ) — siyuan | 6.1 | - | 2026-03-31 |
| CVE-2026-34585 | SiYuan: Stored XSS in imported .sy.zip content leads to arbitrary command execution — siyuan | 8.6 | High | 2026-03-31 |
| CVE-2026-34448 | SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execution in the desktop client — siyuan | 9.1 | Critical | 2026-03-31 |
| CVE-2026-34405 | Nuxt OG Image vulnerable to reflected XSS via query parameter injection into HTML attributes — og-image | 6.1 | Medium | 2026-03-31 |
| CVE-2026-34739 | AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php — AVideo | 6.1 | Medium | 2026-03-31 |
| CVE-2026-34716 | AVideo: DOM XSS via Unsanitized Display Name in WebSocket Call Notification — AVideo | 6.4 | Medium | 2026-03-31 |
| CVE-2026-34396 | AVideo: Stored XSS via Unescaped Plugin Configuration Values in Admin Panel — AVideo | 6.1 | Medium | 2026-03-31 |
| CVE-2026-3468 | SonicWALL Email Security cross-site scripting vulnerability — Email Security | 4.8 AI | Medium AI | 2026-03-31 |
| CVE-2026-34206 | Captcha Protect: Reflected XSS in challenge page via unsanitized destination rendered with text/template — captcha-protect | 6.1 | Medium | 2026-03-31 |
| CVE-2026-5209 | SourceCodester Leave Application System User Management cross site scripting — Leave Application System | 2.4 | Low | 2026-03-31 |
| CVE-2025-62184 | Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. — Pega Infinity | 4.8 AI | Medium AI | 2026-03-31 |
| CVE-2026-32607 | Discourse: Stored XSS via unescaped assignee name — discourse | 5.4 | - | 2026-03-31 |
| CVE-2026-32273 | Discourse: XSS on category description update via API — discourse | 5.4 | Medium | 2026-03-31 |
| CVE-2026-32243 | Discourse: Stored XSS in discourse-ai shared conversations onebox — discourse | 5.4 | - | 2026-03-31 |
| CVE-2026-34231 | Slippers: Cross-Site Scripting (XSS) in `attrs` Template Tag — slippers | 6.1 | Medium | 2026-03-31 |
| CVE-2026-20915 | Stored cross-site scripting in Pending Changes sidebar — Checkmk | 5.4 AI | Medium AI | 2026-03-31 |
| CVE-2026-33276 | XSS in Unified Search via Unescaped Host/Service Names — Checkmk | 5.4 AI | Medium AI | 2026-03-31 |
| CVE-2026-4267 | Query Monitor <= 3.20.3 - Reflected Cross-Site Scripting via Request URI — Query Monitor | 7.2 | High | 2026-03-31 |
| CVE-2026-34887 | WordPress Kubio AI Page Builder plugin <= 2.7.0 - Cross Site Scripting (XSS) vulnerability — Kubio AI Page Builder | 6.5 | Medium | 2026-03-31 |
| CVE-2026-3107 | Multiple vulnerabilities in Teampass — Teampass | 5.4 AI | Medium AI | 2026-03-31 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21515 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.