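CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21519

21519 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.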

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-33066 | SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering — siyuan | 5.4 | - | 2026-03-20 |
| CVE-2026-33061 | Jexactyl has Stored DOM Cross-Site Scripting (XSS) via unescaped JSON in Blade template — Jexactyl | 5.8 | Medium | 2026-03-20 |
| CVE-2026-4474 | itsourcecode University Management System admin_single_student_update.php cross site scripting — University Management System | 2.4 | Low | 2026-03-20 |
| CVE-2026-33051 | Craft CMS Vulnerable to Stored XSS in Revision Context Menu — cms | 5.4 | - | 2026-03-20 |
| CVE-2026-33035 | Unauthenticated Reflected XSS via innerHTML in AVideo — AVideo | 6.1 | - | 2026-03-20 |
| CVE-2026-32940 | SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183) — siyuan | 9.3 | Critical | 2026-03-20 |
| CVE-2026-32890 | Anchorr: Stored XSS in User Mapping dropdown allows unprivileged Discord users to exfiltrate all secrets via /api/config — Anchorr | 9.7 | Critical | 2026-03-20 |
| CVE-2026-32880 | ChurchCRM is vulnerable to Stored XSS through JSON handling in SystemSettings.php — CRM | 6.4 | Medium | 2026-03-20 |
| CVE-2026-32757 | Admidio: HTMLPurifier Bypass in eCard Message Allows HTML Email Injection — admidio | 5.4 | Medium | 2026-03-19 |
| CVE-2026-29106 | SuiteCRM has blind XSS in return_id parameter — SuiteCRM | 5.9 | Medium | 2026-03-19 |
| CVE-2026-29100 | SuiteCRM has Reflected HTML Injection in Login Page via default_user_name Parameter — SuiteCRM | 7.1 | High | 2026-03-19 |
| CVE-2026-32721 | LuCI luci-mod-network: Possible XSS attack in WiFi scan on Joining Wireless Client modal — luci | 8.6 | High | 2026-03-19 |
| CVE-2026-33395 | Discourse has stored click‑based XSS via Graphviz SVG javascript: links — discourse | 4.4 | Medium | 2026-03-19 |
| CVE-2026-32040 | OpenClaw < 2026.2.23 - HTML Injection via Unvalidated Image MIME Type in Data-URL Interpolation — OpenClaw | 4.6 | Medium | 2026-03-19 |
| CVE-2026-32754 | FreeScout: Stored XSS via Unescaped Email Template Rendering ({!! $thread->body !!}) — freescout | 9.3 | Critical | 2026-03-19 |
| CVE-2026-32751 | SiYuan Vulnerable to Remote Code Execution via Stored XSS in Notebook Name - Mobile Interface — siyuan | 5.4 | - | 2026-03-19 |
| CVE-2026-27740 | Discourse has Stored XSS in AI Triage Automation — discourse | 5.4 | - | 2026-03-19 |
| CVE-2026-27570 | Discourse Vulnerable to Stored XSS via Shared AI Conversation Onebox — discourse | 5.4 | - | 2026-03-19 |
| CVE-2026-33346 | OpenEMR has stored XSS in portal_payment.php via Unescaped table_args — openemr | 8.7 | High | 2026-03-19 |
| CVE-2026-33303 | OpenEMR Vulnerable to Stored XSS via Unescaped portal_login_username in Credential Print View — openemr | 5.4 | Medium | 2026-03-19 |
| CVE-2026-33299 | OpenEMR has Stored XSS in patient encounter Eye Exam form answers — openemr | 5.4 | - | 2026-03-19 |
| CVE-2026-32119 | OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page — openemr | 4.4 | Medium | 2026-03-19 |
| CVE-2026-32869 | OPEXUS eComplaint and eCASE XSS via Name of Organization field — eComplaint | 5.5 | Medium | 2026-03-19 |
| CVE-2026-32868 | OPEXUS eComplaint and eCASE XSS via my information — eComplaint | 5.5 | Medium | 2026-03-19 |
| CVE-2026-32866 | OPEXUS eComplaint and eCase stored XSS via profile first and last name — eCASE | 5.5 | Medium | 2026-03-19 |
| CVE-2026-32843 | Linkit ONE Location Aware Sensor System (LASS) Reflected XSS via PM25.php — Location Aware Sensor System (LASS) | 6.1 | - | 2026-03-19 |
| CVE-2026-21788 | HCL Connections is vulnerable to cross-site scripting (XSS) — Connections | 5.4 | Medium | 2026-03-19 |
| CVE-2026-27070 | WordPress Everest Forms Pro plugin <= 1.9.10 - Cross Site Scripting (XSS) vulnerability — Everest Forms Pro | 7.1 | High | 2026-03-19 |
| CVE-2026-27068 | WordPress Website LLMs.txt plugin <= 8.2.6 - Reflected Cross Site Scripting (XSS) vulnerability — Website LLMs.txt | 7.1 | High | 2026-03-19 |
| CVE-2026-25442 | WordPress Kentha theme <= 4.7.2 - Reflected Cross Site Scripting (XSS) vulnerability — Kentha | 7.1 | High | 2026-03-19 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) account for 21519 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.