CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21489

21489 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2714 | Institute Management <= 5.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Enquiry Form Title' Setting — Institute Management – Learning Management System | 4.4 | Medium | 2026-04-22 |
| CVE-2026-4088 | Switch CTA Box <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Switch CTA Box | 6.4 | Medium | 2026-04-22 |
| CVE-2026-6041 | Buzz Comments <= 0.9.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Buzz Avatar' Setting — Buzz Comments | 4.4 | Medium | 2026-04-22 |
| CVE-2026-1845 | Real Estate Pro <= 1.0.9 - Authenticated (Admin+) Stored Cross-Site Scripting via Settings — Real Estate Pro | 5.5 | Medium | 2026-04-22 |
| CVE-2026-1379 | HTTP Headers <= 1.19.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Custom Headers' Plugin Setting — HTTP Headers | 4.4 | Medium | 2026-04-22 |
| CVE-2026-4279 | Bread & Butter: Content Gating for Verified Leads <= 8.2.0.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Bread & Butter: AI-Powered Lead Intelligence | 6.4 | Medium | 2026-04-22 |
| CVE-2026-4082 | ER Swiffy Insert <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — ER Swiffy Insert | 6.4 | Medium | 2026-04-22 |
| CVE-2026-5820 | Zypento Blocks <= 1.0.6 - Authenticated (Author+) Stored Cross-Site Scripting via Table of Contents Block — Zypento Blocks | 6.4 | Medium | 2026-04-22 |
| CVE-2026-40451 | DeepL for Chrome cross-site scripting vulnerability — Chrome browser extension | 6.1 AI | Medium AI | 2026-04-22 |
| CVE-2026-41063 | WWBN AVideo has incomplete fix for CVE-2026-33500 (XSS) — AVideo | 5.4 | Medium | 2026-04-21 |
| CVE-2026-41061 | WWBN AVideo Vulnerable to stored XSS via Unanchored Duration Regex in Video Encoder Receiver — AVideo | 5.4 | Medium | 2026-04-21 |
| CVE-2026-40927 | Docmost: XSS in Comments with JavaScript URI — docmost | 5.4 | Medium | 2026-04-21 |
| CVE-2026-40878 | mailcow-dockerized Login Page has Reflected Parameter Injection / Wrong-Context XSS Escaping — mailcow-dockerized | 8.2 AI | High AI | 2026-04-21 |
| CVE-2026-40875 | mailcow: dockerized vulnerable to stored XSS in user login history real_rip — mailcow-dockerized | 6.1 AI | Medium AI | 2026-04-21 |
| CVE-2026-40873 | mailcow: dockerized vulnerable to stored XSS in Quarantine attachment filenames — mailcow-dockerized | 6.1 AI | Medium AI | 2026-04-21 |
| CVE-2026-40872 | mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field — mailcow-dockerized | 6.1 AI | Medium AI | 2026-04-21 |
| CVE-2026-6745 | Bagisto Custom Scripts cross site scripting — Bagisto | 3.5 | Low | 2026-04-21 |
| CVE-2026-41456 | Bludit CMS Reflected XSS via Search Plugin — bludit | 6.1 AI | Medium AI | 2026-04-21 |
| CVE-2026-6743 | WebSystems WebTOTUM Calendar cross site scripting — WebTOTUM | 3.5 | Low | 2026-04-21 |
| CVE-2026-35451 | Twenty: Stored XSS via BlockNote FileBlock — twenty | 5.7 | Medium | 2026-04-21 |
| CVE-2026-27937 | October: Reflected XSS via DataTable Form Widget — october | 3.1 | Low | 2026-04-21 |
| CVE-2026-40568 | FreeScout Vulnerable to XSS via Mailbox Signature Due to Incomplete HTML Sanitization — freescout | 8.5 | High | 2026-04-21 |
| CVE-2026-40565 | FreeScout has Stored XSS / CSS Injection via linkify() — Unescaped URL in Anchor href — freescout | 6.1 | Medium | 2026-04-21 |
| CVE-2025-41011 | HTML injection in PHP Point Of Sale — PHP Point Of Sale | 5.4 AI | Medium AI | 2026-04-21 |
| CVE-2025-10354 | Reflected Cross-Site Scripting (XSS) in Semantic MediaWiki — Semantic MediaWiki | 6.1 AI | Medium AI | 2026-04-21 |
| CVE-2026-3317 | Reflected Cross-Site Scripting in Navigate CMS application — Navigate CMS | 6.1 AI | Medium AI | 2026-04-21 |
| CVE-2026-6712 | Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting — Website LLMs.txt | 4.4 | Medium | 2026-04-21 |
| CVE-2026-6711 | Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting — Website LLMs.txt | 6.1 | Medium | 2026-04-21 |
| CVE-2026-40497 | FreeScout Vulnerable to CSS Injection via Stored Style Tag in Mailbox Signature (CSRF Token Exfiltration) — freescout | 8.1 | High | 2026-04-21 |
| CVE-2026-5721 | wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin <= 6.5.0.4 - Unauthenticated Stored Cross-Site Scripting via CSV/Excel Data Import — wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin | 4.7 | Medium | 2026-04-20 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21489 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.