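CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21515

21515 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.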

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-2231 | Fluent Booking <= 2.0.01 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters — Fluent Booking – The Ultimate Appointments Scheduling, Events Booking, Events Calendar Solution | 7.2 | High | 2026-03-26 |
| CVE-2026-4877 | itsourcecode Payroll Management System index.php cross site scripting — Payroll Management System | 4.3 | Medium | 2026-03-26 |
| CVE-2025-41027 | Multiple vulnerabilities in GDTaller — GDTaller | 6.1 | - | 2026-03-26 |
| CVE-2025-41026 | Multiple vulnerabilities in GDTaller — GDTaller | 6.1 | - | 2026-03-26 |
| CVE-2018-25210 | WebOfisi E-Ticaret 4.0 SQL Injection via urun Parameter — Ticaret V4 | 8.2 | High | 2026-03-26 |
| CVE-2026-4849 | code-projects Simple Laundry System Parameter modify.php cross site scripting — Simple Laundry System | 4.3 | Medium | 2026-03-26 |
| CVE-2026-4848 | dameng100 muucmf list.html cross site scripting — muucmf | 4.3 | Medium | 2026-03-26 |
| CVE-2026-4847 | dameng100 muucmf list.html cross site scripting — muucmf | 4.3 | Medium | 2026-03-26 |
| CVE-2026-4846 | dameng100 muucmf autoReply.html cross site scripting — muucmf | 4.3 | Medium | 2026-03-26 |
| CVE-2026-4845 | dameng100 muucmf index.html cross site scripting — muucmf | 4.3 | Medium | 2026-03-26 |
| CVE-2026-4389 | DSGVO snippet for Leaflet Map and its Extensions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'unset' Attribute — DSGVO snippet for Leaflet Map and its Extensions | 6.4 | Medium | 2026-03-26 |
| CVE-2026-4329 | Blackhole for Bad Bots <= 3.8 - Unauthenticated Stored Cross-Site Scripting via User-Agent HTTP Header — Blackhole for Bad Bots | 7.2 | High | 2026-03-26 |
| CVE-2026-4278 | Simple Download Counter <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'text' Shortcode Attribute — Simple Download Counter | 6.4 | Medium | 2026-03-26 |
| CVE-2026-1986 | FloristPress for Woo <= 7.8.2 - Reflected Cross-Site Scripting via 'noresults' Parameter — FloristPress for Woo – Customize your eCommerce store for your Florist | 6.1 | Medium | 2026-03-26 |
| CVE-2026-4075 | BWL Advanced FAQ Manager Lite <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sbox_id' Shortcode Attribute — BWL Advanced FAQ Manager Lite | 6.4 | Medium | 2026-03-26 |
| CVE-2026-4335 | ShortPixel Image Optimizer <= 6.4.3 - Authenticated (Author+) Stored Cross-Site Scripting via Attachment Title — ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF | 5.4 | Medium | 2026-03-26 |
| CVE-2026-4835 | code-projects Accounting System Web Application add_costumer.php cross site scripting — Accounting System | 3.5 | Low | 2026-03-26 |
| CVE-2026-33933 | Reflected XSS via Unescaped contextName Parameter in Custom Template Editor — openemr | 6.1 | Medium | 2026-03-25 |
| CVE-2026-33932 | OpenEMR has Stored XSS in CCDA Preview via Unsanitized linkHtml Attributes — openemr | 7.6 | High | 2026-03-25 |
| CVE-2026-33912 | OpenEMR has reflected XSS in ajax_download.php via reportID parameter — openemr | 5.4 | Medium | 2026-03-25 |
| CVE-2026-33911 | OpenEMR vulnerable to reflected XSS in graphs.php via title parameter — openemr | 5.4 | Medium | 2026-03-25 |
| CVE-2026-33348 | OpenEMR has Stored XSS in patient encounter Eye Exam form $CHRONIC2 and $CHRONIC3 — openemr | 8.7 | High | 2026-03-25 |
| CVE-2026-2483 | IBM InfoSphere Information Server Cross-Site Scripting — InfoSphere Information Server | 5.4 | Medium | 2026-03-25 |
| CVE-2026-2485 | IBM InfoSphere Information Server Cross-Site Scripting — InfoSphere Information Server | 4.8 | Medium | 2026-03-25 |
| CVE-2026-33749 | n8n Vulnerable to XSS via Binary Data Inline HTML Rendering — n8n | 4.6 | - | 2026-03-25 |
| CVE-2026-1001 | Domoticz < 2026.1 Stored XSS via Hardware Configuration Endpoint — Domoticz | 4.8 | - | 2026-03-25 |
| CVE-2026-2973 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 5.4 | Medium | 2026-03-25 |
| CVE-2026-32542 | WordPress Fusion Builder plugin < 3.15.0 - Reflected Cross Site Scripting (XSS) vulnerability — Fusion Builder | 6.1 | - | 2026-03-25 |
| CVE-2026-32545 | WordPress Taboola Pixel plugin <= 1.1.4 - Reflected Cross Site Scripting (XSS) vulnerability — Taboola Pixel | 6.1 | - | 2026-03-25 |
| CVE-2026-32544 | WordPress OOPSpam Anti-Spam plugin <= 1.2.62 - Cross Site Scripting (XSS) vulnerability — OOPSpam Anti-Spam | 5.4 | - | 2026-03-25 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21515 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.