
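CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21517

21517 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.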

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-32851 | MailEnable < 10.55 Reflected XSS via FreeBusy.aspx Attendees Parameter — MailEnable | 6.1 | - | 2026-03-23 |
| CVE-2026-32850 | MailEnable < 10.55 Reflected XSS via ManageShares.aspx SelectedIndex Parameter — MailEnable | 6.1 | - | 2026-03-23 |
| CVE-2026-33683 | AVideo vulnerable to Stored XSS via html_entity_decode() Reversing xss_esc() Sanitization in Channel About Field — AVideo | 5.4 | Medium | 2026-03-23 |
| CVE-2026-4595 | code-projects Exam Form Submission update_s6.php cross site scripting — Exam Form Submission | 2.4 | Low | 2026-03-23 |
| CVE-2026-33500 | AVideo Vulnerable to Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization — AVideo | 5.4 | Medium | 2026-03-23 |
| CVE-2026-33499 | AVideo has Reflected XSS via unlockPassword Parameter in forbiddenPage.php and warningPage.php — AVideo | 6.1 | Medium | 2026-03-23 |
| CVE-2026-4578 | code-projects Exam Form Submission update_s3.php cross site scripting — Exam Form Submission | 2.4 | Low | 2026-03-23 |
| CVE-2025-6229 | Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Fancy Text Widget` And `Countdown Widget` — Sina Extension for Elementor | 6.4 | Medium | 2026-03-23 |
| CVE-2026-4577 | code-projects Exam Form Submission update_s4.php cross site scripting — Exam Form Submission | 2.4 | Low | 2026-03-23 |
| CVE-2026-4576 | code-projects Exam Form Submission update_s5.php cross site scripting — Exam Form Submission | 2.4 | Low | 2026-03-23 |
| CVE-2026-4575 | code-projects Exam Form Submission update_s2.php cross site scripting — Exam Form Submission | 2.4 | Low | 2026-03-23 |
| CVE-2026-4557 | code-projects Exam Form Submission update_s1.php cross site scripting — Exam Form Submission | 4.3 | Medium | 2026-03-22 |
| CVE-2026-33295 | AVideo Vulnerable to Stored XSS via Unescaped Video Title in CDN downloadButtons.php — AVideo | 5.4 | - | 2026-03-22 |
| CVE-2026-4544 | Wavlink WL-WN578W2 POST Request login.cgi cross site scripting — WL-WN578W2 | 2.4 | Low | 2026-03-22 |
| CVE-2026-3427 | Yoast SEO <= 27.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'jsonText' Block Attribute — Yoast SEO – Advanced SEO with real-time guidance and built-in AI | 6.4 | Medium | 2026-03-22 |
| CVE-2025-71276 | SOGo cross-site scripting vulnerability — SOGo | 6.4 | Medium | 2026-03-22 |
| CVE-2026-4510 | PbootCMS Parameter MemberController.php alert_location cross site scripting — PbootCMS | 4.3 | Medium | 2026-03-21 |
| CVE-2026-4022 | Show Posts list <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Show Posts list – Easy designs, filters and more | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1914 | FuseDesk <= 6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'emailtext' Shortcode Attribute — FuseDesk | 6.4 | Medium | 2026-03-21 |
| CVE-2026-2501 | Ed's Social Share <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Ed's Social Share | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1278 | Mandatory Field <= 1.6.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Fields — Mandatory Field | 4.4 | Medium | 2026-03-21 |
| CVE-2026-2837 | Ricerca – advanced search <= 1.1.12 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings — Ricerca – advanced search | 4.4 | Medium | 2026-03-21 |
| CVE-2026-2121 | Weaver Show Posts <= 1.8.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Additional Classes to Wrap Posts' Widget Setting — Weaver Show Posts | 4.4 | Medium | 2026-03-21 |
| CVE-2026-1397 | PQ Addons – Creative Elementor Widgets <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Attributes — PQ Addons – Creative Elementor Widgets | 6.4 | Medium | 2026-03-21 |
| CVE-2026-3997 | Text Toggle <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute — Text Toggle | 6.4 | Medium | 2026-03-21 |
| CVE-2026-3354 | Wikilookup <= 1.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Popup Width' Setting — Wikilookup | 4.4 | Medium | 2026-03-21 |
| CVE-2026-4161 | Review Map by RevuKangaroo <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings — Review Map by RevuKangaroo | 4.4 | Medium | 2026-03-21 |
| CVE-2026-3554 | Sherk Custom Post Type Displays <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute — Sherk Custom Post Type Displays | 6.4 | Medium | 2026-03-21 |
| CVE-2026-3353 | Comment SPAM Wiper <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting — Comment SPAM Wiper | 4.4 | Medium | 2026-03-21 |
| CVE-2026-1911 | Twitter Feeds <= 1.0.0 - Authenticated (Contributor+) Cross-Site Scripting via 'tweet_title' Shortcode Attribute — Twitter Feeds | 6.4 | Medium | 2026-03-21 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21517 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.