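CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.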

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-31879 | Frappe Workspace modification and stored XSS due to improper resource ownership checks — frappe | 5.4 AI | Medium AI | 2026-03-11 |
| CVE-2026-31876 | Notesnook has Stored XSS via unsanitized Twitter/X embed URL in editor (`tweetToEmbed`) — notesnook | 5.4 | Medium | 2026-03-11 |
| CVE-2026-31868 | Parse Server has Stored XSS via file upload of HTML-renderable file types — parse-server | 7.6 AI | High AI | 2026-03-11 |
| CVE-2026-31859 | Craft has Reflective XSS via incomplete return URL sanitization — cms | 6.1 AI | Medium AI | 2026-03-11 |
| CVE-2026-20117 | Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities — Cisco Unified Contact Center Express | 6.1 | Medium | 2026-03-11 |
| CVE-2026-20116 | Multiple Cisco Contact Center Products Cross-Site Scripting Vulnerabilities — Cisco Unified Contact Center Express | 6.1 | Medium | 2026-03-11 |
| CVE-2026-20162 | Stored Cross-Site Scripting (XSS) through Path Traversal in Splunk Enterprise — Splunk Enterprise | 6.3 | Medium | 2026-03-11 |
| CVE-2026-30235 | Business Logic Error on OpenProject through hyperlinks in markdown using DOM clobbering — openproject | 6.5 | Medium | 2026-03-11 |
| CVE-2026-1090 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.7 | High | 2026-03-11 |
| CVE-2026-3946 | PHPEMS index.php cross site scripting — PHPEMS | 3.5 | Low | 2026-03-11 |
| CVE-2026-3178 | Name Directory <= 1.32.1 - Unauthenticated Stored Cross-Site Scripting via 'name_directory_name' — Name Directory | 7.2 | High | 2026-03-11 |
| CVE-2026-3231 | Checkout Field Editor (Checkout Manager) for WooCommerce <= 2.1.7 - Unauthenticated Stored Cross-Site Scripting via Block Checkout Custom Radio Field — Checkout Field Editor (Checkout Manager) for WooCommerce | 7.2 | High | 2026-03-11 |
| CVE-2026-3492 | Gravity Forms <= 2.9.28.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Form Title — Gravity Forms | 6.4 | Medium | 2026-03-11 |
| CVE-2026-1454 | Responsive Contact Form Builder & Lead Generation Plugin <= 2.0.1 - Unauthenticated Stored Cross-Site Scripting — Lead Form Builder & Contact Form | 7.2 | High | 2026-03-11 |
| CVE-2026-3534 | Astra <= 4.12.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta — Astra | 6.4 | Medium | 2026-03-11 |
| CVE-2026-3825 | WellChoose\|IFTOP - Reflected Cross-site Scripting — IFTOP | 6.1 | Medium | 2026-03-11 |
| CVE-2026-2707 | weForms <= 1.6.27 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Hidden Field Value via REST API — weForms – Easy Drag & Drop Contact Form Builder For WordPress | 6.4 | Medium | 2026-03-11 |
| CVE-2026-2358 | WP ULike <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute — WP ULike – Like & Dislike Buttons for Engagement and Feedback | 6.4 | Medium | 2026-03-11 |
| CVE-2026-3884 | spin.js security vulnerability — spin.js | 6.1 | Medium | 2026-03-11 |
| CVE-2026-21291 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Commerce | 4.8 | Medium | 2026-03-11 |
| CVE-2026-21284 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Commerce | 8.1 | High | 2026-03-11 |
| CVE-2026-21292 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Commerce | 5.4 | Medium | 2026-03-11 |
| CVE-2026-21290 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Commerce | 8.7 | High | 2026-03-11 |
| CVE-2026-21361 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Commerce | 8.1 | High | 2026-03-11 |
| CVE-2026-21311 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Commerce | 8.0 | High | 2026-03-11 |
| CVE-2025-12473 | RTMKit <= 1.6.8 - Reflected Cross-Site Scripting via 'themebuilder' Parameter — RTMKit | 6.1 | Medium | 2026-03-11 |
| CVE-2026-27241 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager | 5.4 | Medium | 2026-03-11 |
| CVE-2026-27244 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager | 5.4 | Medium | 2026-03-11 |
| CVE-2026-27255 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager | 5.4 | Medium | 2026-03-11 |
| CVE-2026-27251 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager | 5.4 | Medium | 2026-03-11 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21520 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.