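CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21519

21519 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.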

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-25438 | WordPress Gutenberg Blocks – Unlimited blocks For Gutenberg plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability — Gutenberg Blocks | 7.1 | High | 2026-03-19 |
| CVE-2025-68836 | WordPress Table of Contents Creator plugin <= 1.6.4.1 - Reflected Cross Site Scripting (XSS) vulnerability — Table of Contents Creator | 7.1 | High | 2026-03-19 |
| CVE-2025-67618 | WordPress Brookside theme <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability — Brookside | 7.1 | High | 2026-03-19 |
| CVE-2025-62043 | WordPress WPCasa plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability — WPCasa | 6.5 | Medium | 2026-03-19 |
| CVE-2025-53222 | WordPress tagDiv Opt-In Builder plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability — tagDiv Opt-In Builder | 7.1 | High | 2026-03-19 |
| CVE-2025-50001 | WordPress tagDiv Composer plugin <= 5.4.2 - Reflected Cross Site Scripting (XSS) vulnerability — tagDiv Composer | 6.1 | - | 2026-03-19 |
| CVE-2024-42210 | HCL Unica Marketing Operations v12.1.8 and lower is affected by a Stored cross-site scripting (XSS) vulnerability — Unica Marketing Operations (Plan) | 7.6 | High | 2026-03-19 |
| CVE-2026-4006 | Draft List <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'display_name' Parameter — Draft List | 6.4 | Medium | 2026-03-19 |
| CVE-2026-4120 | Info Cards <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes — Info Cards – Add Text and Media in Card Layouts | 6.4 | Medium | 2026-03-19 |
| CVE-2026-28044 | WordPress WP Rocket plugin <= 3.19.4 - Cross Site Scripting (XSS) vulnerability — WP Rocket | 5.9 | Medium | 2026-03-19 |
| CVE-2026-28073 | WordPress WP eMember theme <= v10.2.2 - Reflected Cross Site Scripting (XSS) vulnerability — WP eMember | 7.1 | High | 2026-03-19 |
| CVE-2026-1238 | SlimStat Analytics <= 5.3.5 - Unauthenticated Stored Cross-Site Scripting via 'fh' — SlimStat Analytics | 7.2 | High | 2026-03-19 |
| CVE-2025-15051 | IBM QRadar SIEM Cross-Site Scripting — QRadar SIEM | 5.4 | Medium | 2026-03-19 |
| CVE-2026-1276 | IBM QRadar SIEM Cross-Site Scripting — QRadar SIEM | 5.4 | Medium | 2026-03-19 |
| CVE-2026-32728 | Parse Server has a stored XSS filter bypass via Content-Type MIME parameter and missing XML extension blocklist entries — parse-server | 9.8 | - | 2026-03-18 |
| CVE-2026-32722 | Memray-generated HTML reports vulnerable to Stored XSS via unescaped command-line metadata — memray | 3.6 | Low | 2026-03-18 |
| CVE-2026-32703 | OpenProject's repository files are served with the MIME type allowing them to be used to bypass Content Security Policy — openproject | 9.1 | Critical | 2026-03-18 |
| CVE-2026-3090 | Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type' — Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | 7.2 | High | 2026-03-18 |
| CVE-2026-2512 | Code Embed <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Fields — Code Embed | 6.4 | Medium | 2026-03-18 |
| CVE-2026-3278 | XSS Vulnerability discovered in OpenText™ ZENworks Service Desk. — ZENworks Service Desk | 6.1 | - | 2026-03-18 |
| CVE-2025-12518 | Stored XSS in beefree.io — Befree SDK | 6.1 | - | 2026-03-18 |
| CVE-2026-22322 | Stored Cross‑Site Scripting in Link Aggregation Name Handling — FL SWITCH 2005 | 7.1 | High | 2026-03-18 |
| CVE-2026-3512 | Writeprint Stylometry <= 0.1 - Reflected Cross-Site Scripting via 'p' Parameter — Writeprint Stylometry | 6.1 | Medium | 2026-03-18 |
| CVE-2026-1780 | [CR]Paid Link Manager <= 0.5 - Reflected Cross-Site Scripting — [CR]Paid Link Manager | 6.1 | Medium | 2026-03-18 |
| CVE-2026-31938 | jsPDF has HTML Injection in New Window paths — jsPDF | 9.6 | Critical | 2026-03-18 |
| CVE-2026-4268 | WP Go Maps (formerly WP Google Maps) <= 10.0.05 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via admin_post_wpgmza_save_settings — WP Go Maps (formerly WP Google Maps) | 6.4 | Medium | 2026-03-18 |
| CVE-2026-28499 | LeafKit's HTML escaping may be skipped for Collection values, enabling XSS — leaf-kit | 6.1 | - | 2026-03-18 |
| CVE-2026-4356 | itsourcecode University Management System add_result.php cross site scripting — University Management System | 2.4 | Low | 2026-03-18 |
| CVE-2026-4355 | Portabilis i-Educar Endpoint educar_servidor_curso_lst.php cross site scripting — i-Educar | 3.5 | Low | 2026-03-17 |
| CVE-2026-4354 | TRENDnet TEW-824DRU Web apply_sec.cgi sub_420A78 cross site scripting — TEW-824DRU | 3.5 | Low | 2026-03-17 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21519 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.