CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21517

21517 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-20108 | Cisco Catalyst SD-WAN Manager (Cisco SD-WAN vManage) cross-site scripting vulnerability — Cisco Catalyst SD-WAN Manager | 5.4 | Medium | 2026-03-25 |
| CVE-2026-20112 | Cisco IOS XE Software cross-site scripting vulnerability — Cisco IOS XE Software | 4.8 | Medium | 2026-03-25 |
| CVE-2026-3218 | Responsive Favicons - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-019 — Responsive Favicons | 6.1 | - | 2026-03-25 |
| CVE-2026-3217 | SAML SSO - Service Provider - Critical - Cross-site scripting - SA-CONTRIB-2026-018 — SAML SSO - Service Provider | 6.1 | - | 2026-03-25 |
| CVE-2026-3215 | Islandora - Moderately critical - Arbitrary file upload, Cross-site scripting - SA-CONTRIB-2026-016 — Islandora | 6.1 | - | 2026-03-25 |
| CVE-2026-3213 | Anti-Spam by CleanTalk - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-014 — Anti-Spam by CleanTalk | 6.1 | - | 2026-03-25 |
| CVE-2026-24750 | Kiteworks Secure Data Forms vulnerable to Cross-site Scripting — Secure Data Forms | 7.6 | High | 2026-03-25 |
| CVE-2026-3212 | Tagify - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-013 — Tagify | 6.1 | - | 2026-03-25 |
| CVE-2026-2349 | UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010 — UI Icons | 6.1 | - | 2026-03-25 |
| CVE-2026-2348 | Quick Edit - Moderately critical - Cross-site Scripting - SA-CONTRIB-2026-009 — Quick Edit | 6.1 | - | 2026-03-25 |
| CVE-2026-4816 | Reflected Cross Site Scripting (XSS) vulnerability in Support Board — Support Board | 6.1 | - | 2026-03-25 |
| CVE-2025-40842 | Ericsson Indoor Connect 8855 - Improper Neutralization of Input During Web Page Generation Vulnerability — Indoor Connect 8855 | 5.4 | - | 2026-03-25 |
| CVE-2026-2072 | Cross-Site Scripting vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer — Hitachi Infrastructure Analytics Advisor | 8.2 | High | 2026-03-25 |
| CVE-2026-4766 | Easy Image Gallery <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Shortcode Post Meta — Easy Image Gallery | 6.4 | Medium | 2026-03-25 |
| CVE-2026-33347 | league/commonmark has an embed extension allowed_domains bypass — commonmark | 9.1 | - | 2026-03-24 |
| CVE-2026-33331 | oRPC: Stored XSS in OpenAPI Reference Plugin via unescaped JSON.stringify — orpc | 8.2 | High | 2026-03-24 |
| CVE-2026-33400 | Wallos: Stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint — Wallos | 5.4 | Medium | 2026-03-24 |
| CVE-2026-33311 | @dicebear/core and @dicebear/initials Vulnerable to SVG Injection via Unsanitized Options — dicebear | 4.7 | Medium | 2026-03-24 |
| CVE-2026-4754 | CWE-79 in MolotovCherry Android-ImageMagick7 — Android-ImageMagick7 | 6.1 | Medium | 2026-03-24 |
| CVE-2026-4626 | projectworlds Lawyer Management System lawyer_booking.php cross site scripting — Lawyer Management System | 3.5 | Low | 2026-03-24 |
| CVE-2026-4616 | bolo-blog Article Title article cross site scripting — bolo-blog | 2.4 | Low | 2026-03-24 |
| CVE-2026-33170 | Rails Active Support has a possible XSS vulnerability in SafeBuffer#% — activesupport | 8.6 | - | 2026-03-23 |
| CVE-2026-33168 | Rails has a possible XSS vulnerability in its Action View tag helpers — actionview | 6.1 | - | 2026-03-23 |
| CVE-2026-33167 | Rails has a possible XSS vulnerability in its Action Pack debug exceptions — actionpack | 6.1 | - | 2026-03-23 |
| CVE-2026-32277 | Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View — connect-cms | 8.7 | High | 2026-03-23 |
| CVE-2025-60948 | Census CSWeb stored XSS — CSWeb | 4.6 | Medium | 2026-03-23 |
| CVE-2026-4596 | projectworlds Lawyer Management System lawyers.php cross site scripting — Lawyer Management System | 3.5 | Low | 2026-03-23 |
| CVE-2026-33548 | MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline — mantisbt | 5.4 | - | 2026-03-23 |
| CVE-2026-33517 | MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation — mantisbt | 5.4 | - | 2026-03-23 |
| CVE-2026-32852 | MailEnable < 10.55 Reflected XSS via FreeBusy.aspx StartDate Parameter — MailEnable | 6.1 | - | 2026-03-23 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21517 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.