CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-4354	TRENDnet TEW-824DRU Web apply_sec.cgi sub_420A78 cross site scripting — TEW-824DRU	3.5	Low	2026-03-17
CVE-2026-32840	Edimax GS-5008PL <= 1.00.54 Stored XSS via Device Name — Edimax GS-5008PL	5.4	Medium	2026-03-17
CVE-2025-62320	HTML Injection Leading to Data Exfiltration to External Server vulnerability affects HCL Unica Platform — Sametime	4.7	Medium	2026-03-17
CVE-2026-30882	Chamilo LMS: Reflected XSS in the session category listing page — chamilo-lms	6.1	Medium	2026-03-16
CVE-2026-29510	Hereta ETH-IMC408M Stored XSS via Device Name — Hereta ETH-IMC408M	5.4	Medium	2026-03-16
CVE-2026-29513	Hereta ETH-IMC408M Stored XSS via Device Location — Hereta ETH-IMC408M	5.4	Medium	2026-03-16
CVE-2026-29520	Hereta ETH-IMC408M Reflected XSS via ping_ipaddr Parameter — Hereta ETH-IMC408M	6.1	Medium	2026-03-16
CVE-2025-2274	Stored Cross Site Scripting in Forcepoint Web Security — Web Security (On-Prem)	5.4^AI	Medium^AI	2026-03-16
CVE-2026-25369	WordPress Flexmls® IDX plugin <= 3.15.9 - Reflected Cross Site Scripting (XSS) vulnerability — Flexmls® IDX	7.1	High	2026-03-16
CVE-2025-69245	Reflected XSS in Raytha CMS — Raytha	6.1	-	2026-03-16
CVE-2025-69242	Reflected XSS in Raytha CMS — Raytha	6.1	-	2026-03-16
CVE-2025-69241	Stored XSS in Raytha CMS — Raytha	5.4	-	2026-03-16
CVE-2025-69237	Stored XSS in Raytha CMS — Raytha	5.4	-	2026-03-16
CVE-2025-69236	Stored XSS in Raytha CMS — Raytha	5.4	-	2026-03-16
CVE-2026-3024	Stored Cross-Site Scripting (XSS) vulnerability in the Wakyma application web — Wakyma application web	5.4^AI	Medium^AI	2026-03-16
CVE-2026-4225	CMS Made Simple User Management listusers.php cross site scripting — CMS Made Simple	2.4	Low	2026-03-16
CVE-2026-4186	UEditor JSONP Callback controller.php cross site scripting — UEditor	3.5	Low	2026-03-15
CVE-2017-20219	Serviio PRO 1.8 DOM-based Cross-Site Scripting via mediabrowser — Serviio PRO	6.1	Medium	2026-03-15
CVE-2016-20036	Wowza Streaming Engine 4.5.0 Multiple Cross-Site Scripting Vulnerabilities — Wowza Streaming Engine	6.1	Medium	2026-03-15
CVE-2015-20119	RealtyScript 4.0.2 Stored Cross-Site Scripting via text Parameter in pages.php — RealtyScript	6.4	Medium	2026-03-15
CVE-2015-20118	RealtyScript 4.0.2 Stored Cross-Site Scripting via location_name Parameter — RealtyScript	7.2	High	2026-03-15
CVE-2015-20115	RealtyScript 4.0.2 Stored Cross-Site Scripting via File Upload Parameter — RealtyScript	7.2	High	2026-03-15
CVE-2015-20116	RealtyScript 4.0.2 Stored Cross-Site Scripting via CSV File Upload Filename — RealtyScript	6.1	Medium	2026-03-15
CVE-2015-20114	RealtyScript 4.0.2 Cross-Site Scripting via Multiple Parameters — RealtyScript	6.1	Medium	2026-03-15
CVE-2013-20006	Qool CMS Multiple Persistent Cross-Site Scripting Vulnerabilities — Qool CMS	7.5	High	2026-03-15
CVE-2013-20005	Qool CMS 2.0 RC2 Cross-Site Request Forgery via adduser — Qool CMS	5.3	Medium	2026-03-15
CVE-2016-20032	ZKTeco ZKAccess Security System 5.3.1 Stored XSS — ZKTeco ZKAccess Security System	7.2	High	2026-03-15
CVE-2016-20027	ZKTeco ZKBioSecurity 3.0 Multiple Reflected XSS Vulnerabilities — ZKTeco ZKBioSecurity	6.1	Medium	2026-03-15
CVE-2026-4175	Aureus ERP Chatter Message content-text-entry.blade.php cross site scripting — ERP	3.5	Low	2026-03-15
CVE-2026-4169	Tecnick TCExam XML Export tce_xml_users.php F_xml_export_users cross site scripting — TCExam	2.4	Low	2026-03-15

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21520 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21520