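CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.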

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-2721 | MailArchiver <= 4.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings — MailArchiver | 4.8 | Medium | 2026-03-07 |
| CVE-2026-1902 | Hammas Calendar <= 1.5.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'apix' Shortcode Attribute — Hammas Calendar | 6.4 | Medium | 2026-03-07 |
| CVE-2026-25073 | XikeStor SKS8310-8X Stored XSS via System Name — XikeStor SKS8310-8X | 5.4 | - | 2026-03-07 |
| CVE-2026-30238 | Group-Office: Reflected XSS in JavaScript context — groupoffice | 6.1 | - | 2026-03-06 |
| CVE-2026-30237 | Group-Office: Self XSS in GroupOffice Installer License Page (install/license.php) — groupoffice | 6.1 | - | 2026-03-06 |
| CVE-2026-29082 | Kestra: Stored Cross-Site Scripting in Markdown File Preview — kestra | 7.3 | High | 2026-03-06 |
| CVE-2024-35644 | WordPress Preferred Languages plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability — Preferred Languages | 5.9 | Medium | 2026-03-06 |
| CVE-2026-29183 | SiYuan: Unauthenticated reflected SVG XSS in `/api/icon/getDynamicIcon` (`type=8`) enables arbitrary JavaScript execution — siyuan | 9.3 | Critical | 2026-03-06 |
| CVE-2026-29048 | HumHub: XSS in Button component — humhub | 5.4 | - | 2026-03-06 |
| CVE-2026-29038 | changedetection.io: Reflected XSS in RSS Tag Error Response — changedetection.io | 6.1 | Medium | 2026-03-06 |
| CVE-2026-28683 | Gokapi: Stored XSS in SVG Hotlinks — Gokapi | 8.7 | High | 2026-03-06 |
| CVE-2026-28509 | LangBot has a Cross Site Scripting(XSS) Vulnerability — LangBot | 6.3 | Medium | 2026-03-06 |
| CVE-2025-59543 | Chamilo: Account Takeover via Stored XSS in Course Description — chamilo-lms | 9.1 | Critical | 2026-03-06 |
| CVE-2025-59542 | Chamilo: Account Takeover via Stored XSS in Course Learning Paths — chamilo-lms | 9.1 | Critical | 2026-03-06 |
| CVE-2025-55289 | Chamilo: Stored Cross Site Scripting in Skills Argumentation — chamilo-lms | 8.8 | High | 2026-03-06 |
| CVE-2026-3610 | HSC Cybersecurity Mailinspector URL mliUserValidation.php cross site scripting — Mailinspector | 4.3 | Medium | 2026-03-06 |
| CVE-2026-2593 | Greenshift – animation and page builder blocks <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Greenshift – animation and page builder blocks | 6.4 | Medium | 2026-03-05 |
| CVE-2025-55208 | Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files — chamilo-lms | 9.1 | Critical | 2026-03-05 |
| CVE-2026-28436 | Frappe: Stored XSS in avatar_macro.html — frappe | 5.4 | - | 2026-03-05 |
| CVE-2026-28405 | MarkUs: Stored XSS in Submission HTML Preview Enables Instructor-Context Actions — Markus | 8.0 | High | 2026-03-05 |
| CVE-2026-28343 | CKEditor: Cross-site scripting (XSS) in the HTML Support package — ckeditor5 | 6.4 | Medium | 2026-03-05 |
| CVE-2026-28222 | Wagtail: Improper escaping of HTML (Cross-site Scripting) on TableBlock class attributes — wagtail | 6.1 | Medium | 2026-03-05 |
| CVE-2026-28223 | Wagtail: Improper escaping of HTML (Cross-site Scripting) in simple_translation admin interface — wagtail | 6.1 | Medium | 2026-03-05 |
| CVE-2026-26276 | Gogs: DOM-based XSS via milestone selection — gogs | 7.3 | High | 2026-03-05 |
| CVE-2026-26195 | Gogs: Stored XSS in branch and wiki views through author and committer names — gogs | 5.4 | - | 2026-03-05 |
| CVE-2026-26022 | Gogs: Stored XSS via data URI in issue comments — gogs | 8.7 | High | 2026-03-05 |
| CVE-2026-28137 | WordPress MediCenter - Health Medical Clinic WordPress Theme theme <= 14.9 - Reflected Cross Site Scripting (XSS) vulnerability — MediCenter - Health Medical Clinic | 7.1 | High | 2026-03-05 |
| CVE-2026-28130 | WordPress UDesign theme <= 4.14.0 - Reflected Cross Site Scripting (XSS) vulnerability — UDesign | 7.1 | High | 2026-03-05 |
| CVE-2026-28127 | WordPress Lawyer Directory plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability — Lawyer Directory | 7.1 | High | 2026-03-05 |
| CVE-2026-28126 | WordPress RH Frontend Publishing Pro plugin < 4.3.4 - Cross Site Scripting (XSS) vulnerability — RH Frontend Publishing Pro | 7.1 | High | 2026-03-05 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) account for 21520 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.