CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21515

21515 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-4973	SourceCodester Online Quiz System add-question.php cross site scripting — Online Quiz System	3.5	Low	2026-03-27
CVE-2026-33739	FOG has Stored XSS in Multiple Management Pages — fogproject	5.7	Medium	2026-03-27
CVE-2026-33045	Home Assistant has stored XSS in history-graphs — core	6.1	-	2026-03-27
CVE-2026-33044	Home Assistant has stored XSS in Map-card through malicious device name — core	5.4	-	2026-03-27
CVE-2026-4972	code-projects Online Reviewer System btn_functions.php cross site scripting — Online Reviewer System	2.4	Low	2026-03-27
CVE-2026-4969	code-projects Social Networking Site Alert home.php cross site scripting — Social Networking Site	3.5	Low	2026-03-27
CVE-2026-34375	AVideo Vulnerable to Reflected XSS via Unsanitized plugin Parameter in YPTWallet Stripe Payment Page — AVideo	8.2	High	2026-03-27
CVE-2026-5026	Langflow - Stored XSS via Malicious SVG Upload — langflow	5.4	-	2026-03-27
CVE-2026-5010	Reflected Cross-Site Scripting (XSS) in Sanoma’s Clickedu — Clickedu	6.1	-	2026-03-27
CVE-2026-32859	ByteDance DeerFlow Stored XSS via Inline Artifact Rendering — DeerFlow	5.4	Medium	2026-03-27
CVE-2026-25100	Stored XSS via SVG File Upload in Bludit — Bludit	5.4	-	2026-03-27
CVE-2026-3457	Stored XSS vulnerability in Sentinel ACC — Sentinel LDK Runtime	5.4	-	2026-03-27
CVE-2026-33559	WordPress plugin OpenStreetMap 跨站脚本漏洞 — OpenStreetMap	5.4	-	2026-03-27
CVE-2026-4909	code-projects Exam Form Submission update_s7.php cross site scripting — Exam Form Submission	2.4	Low	2026-03-27
CVE-2026-4899	code-projects Online Food Ordering System food.php cross site scripting — Online Food Ordering System	2.4	Low	2026-03-26
CVE-2026-33673	PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables — PrestaShop	7.7	High	2026-03-26
CVE-2026-33664	Kestra Vulnerable to Stored Cross-Site Scripting via Flow YAML Fields — kestra	7.3	High	2026-03-26
CVE-2026-4898	code-projects Online Food Ordering System contact.php cross site scripting — Online Food Ordering System	4.3	Medium	2026-03-26
CVE-2026-33653	Uploady Vulnerable to Stored Cross-Site Scripting (XSS) — Uploady	4.6	Medium	2026-03-26
CVE-2026-33742	Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes — invoiceninja	5.4	Medium	2026-03-26
CVE-2026-33628	Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items — invoiceninja	5.4	Medium	2026-03-26
CVE-2026-33738	Lychee Vulnerable to Stored XSS via Photo Description in RSS/Atom/JSON Feed (No Sanitization on Public Endpoint) — Lychee	6.1	-	2026-03-26
CVE-2026-3529	Google Analytics GA4 - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-024 — Google Analytics GA4	6.1^AI	Medium^AI	2026-03-26
CVE-2026-3528	Calculation Fields - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-023 — Calculation Fields	6.1^AI	Medium^AI	2026-03-26
CVE-2026-33525	Authelia: Improper Neutralization of Input During Web Page Generation Leads to Potential Cross-site Scripting — authelia	6.1	-	2026-03-26
CVE-2026-34071	Stirling-PDF has Stored Cross Site Scripting (XSS) via EML-to-HTML Export — Stirling-PDF	5.4	Medium	2026-03-26
CVE-2026-33402	SAK-52311: Sakai site-manage group titles can contain XSS content — sakai	5.4	-	2026-03-26
CVE-2026-28298	SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability — SolarWinds Observability Self-Hosted	5.9	Medium	2026-03-26
CVE-2026-28297	SolarWinds Observability Self-Hosted Stored Cross-Site Scripting Vulnerability — SolarWinds Observability Self-Hosted	6.1	Medium	2026-03-26
CVE-2026-2389	Complianz – GDPR/CCPA Cookie Consent <= 7.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Filter — Complianz – GDPR/CCPA Cookie Consent	4.9	Medium	2026-03-26

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21515 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21515