CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21519

21519 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-4077 | Ecover Builder For Dummies <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute — Ecover Builder For Dummies | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1854 | Post Flagger <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'slug' Shortcode Attribute — Post Flagger | 6.4 | Medium | 2026-03-21 |
| CVE-2026-1822 | WP NG Weather <= 1.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — WP NG Weather | 6.4 | Medium | 2026-03-21 |
| CVE-2026-4086 | WP Random Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'cat' Shortcode Attribute — WP Random Button | 6.4 | Medium | 2026-03-21 |
| CVE-2026-2440 | SurveyJS: Drag & Drop Form Builder <= 2.5.3 - Unauthenticated Stored Cross-Site Scripting — SurveyJS: Drag & Drop Form Builder | 7.2 | High | 2026-03-21 |
| CVE-2026-3350 | Image Alt Text Manager <= 1.8.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Title — Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI | 6.4 | Medium | 2026-03-20 |
| CVE-2026-2430 | Autoptimize <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lazy-loaded Image Attributes — Autoptimize | 6.4 | Medium | 2026-03-20 |
| CVE-2026-3516 | Contact List <= 3.0.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via '_cl_map_iframe' Parameter — Contact List – Online Staff Directory & Address Book | 6.4 | Medium | 2026-03-20 |
| CVE-2026-3572 | iTracker360 <= 2.2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'itracker_license' Settings Field — iTracker360 | 6.1 | Medium | 2026-03-20 |
| CVE-2026-2352 | Autoptimize <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ao_post_preload' Meta Value — Autoptimize | 6.4 | Medium | 2026-03-20 |
| CVE-2026-3368 | Injection Guard <= 1.2.9 - Unauthenticated Stored Cross-Site Scripting via Query Parameter Name — Injection Guard | 7.2 | High | 2026-03-20 |
| CVE-2026-3577 | Keep Backup Daily <= 2.1.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Backup Title — Keep Backup Daily | 4.4 | Medium | 2026-03-20 |
| CVE-2026-4083 | Scoreboard for HTML5 Games Lite <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Scoreboard for HTML5 Games Lite | 6.4 | Medium | 2026-03-20 |
| CVE-2026-33411 | Discourse's solved topic stream has potential stored XSS in topic title — discourse | 5.4 | Medium | 2026-03-20 |
| CVE-2026-33230 | nltk Vulnerable to Cross-site Scripting — nltk | 6.1 | Medium | 2026-03-20 |
| CVE-2026-33209 | Avo has a XSS vulnerability on `return_to` param — avo | 6.1 | - | 2026-03-20 |
| CVE-2026-33172 | Statamic has Stored XSS via SVG Sanitization Bypass — cms | 8.7 | High | 2026-03-20 |
| CVE-2026-33140 | PySpector: Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution — PySpector | 5.4 | - | 2026-03-20 |
| CVE-2026-4495 | atjiu pybbs CommentApiController.java create cross site scripting — pybbs | 3.5 | Low | 2026-03-20 |
| CVE-2026-4494 | atjiu pybbs TopicApiController.java create cross site scripting — pybbs | 3.5 | Low | 2026-03-20 |
| CVE-2026-32844 | XinLiangCoder / php_api_doc Reflected XSS via list_method.php — php_api_doc | 6.1 | Medium | 2026-03-20 |
| CVE-2026-22895 | QuFTP Service — QuFTP Service | 4.8 | - | 2026-03-20 |
| CVE-2026-32986 | Textpattern CMS 4.9.0: Second-Order XSS via Atom Feed Injection — Textpattern CMS | 6.1 | Medium | 2026-03-20 |
| CVE-2026-31382 | Gainsight Assist reflected XSS/HTML injection — Gainsight Assist | 6.1 | Medium | 2026-03-20 |
| CVE-2026-33136 | WeGIA has Reflected Cross-Site Scripting (XSS) in `listar_memorandos_ativos.php` via `sccd` parameter — WeGIA | 9.3 | Critical | 2026-03-20 |
| CVE-2026-33135 | WeGIA has Reflected Cross-Site Scripting (XSS) in `novo_memorandoo.php` via `sccs` parameter — WeGIA | 9.3 | Critical | 2026-03-20 |
| CVE-2024-31119 | WordPress Download Special Box for Content plugin <= 1 - Cross Site Scripting (XSS) vulnerability — Special Box for Content | 5.9 | Medium | 2026-03-20 |
| CVE-2026-33080 | Filament: Unvalidated Range and Values summarizer values can be used for XSS — filament | 7.3 | High | 2026-03-20 |
| CVE-2026-2432 | CM Custom Reports <= 1.2.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Labels — CM Custom Reports – Flexible reporting to track what matters most | 4.4 | Medium | 2026-03-20 |
| CVE-2026-33067 | SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata — siyuan | 7.6 | - | 2026-03-20 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21519 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.