
CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-22455 | WordPress Thebe theme <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability — Thebe | 7.1 | High | 2026-03-05 |
| CVE-2026-22438 | WordPress TheBi theme <= 1.0.5 - Reflected Cross Site Scripting (XSS) vulnerability — TheBi | 7.1 | High | 2026-03-05 |
| CVE-2026-22440 | WordPress Thecs theme <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability — Thecs | 7.1 | High | 2026-03-05 |
| CVE-2025-69343 | WordPress Theater for WordPress plugin <= 0.19 - Cross Site Scripting (XSS) vulnerability — Theater for WordPress | 6.5 | Medium | 2026-03-05 |
| CVE-2026-29052 | HumHub Calendar Module: Stored XSS in Event Types — calendar | 5.4 | - | 2026-03-05 |
| CVE-2026-3034 | OoohBoi Steroids for Elementor <= 2.1.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple URL Controls — OoohBoi Steroids for Elementor | 6.4 | Medium | 2026-03-05 |
| CVE-2026-2365 | Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form Submission — Fluent Forms Pro Add On Pack | 7.2 | High | 2026-03-05 |
| CVE-2025-66024 | XWiki Blog Application home page vulnerable to Stored XSS via Post Title — application-blog-ui | 5.4 (AI) | Medium (AI) | 2026-03-04 |
| CVE-2026-20102 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software SAML Reflected Cross-Site Scripting Vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 6.1 | Medium | 2026-03-04 |
| CVE-2026-20149 | Cisco Webex Cross-Site Scripting Vulnerability — Cisco Webex Meetings | 6.1 | Medium | 2026-03-04 |
| CVE-2019-25502 | Simple Job Script Cross-Site Scripting via job_type_value Parameter — Simple Job Script | 6.1 | Medium | 2026-03-04 |
| CVE-2025-40895 | HTML injection in Sensor Map in CMC before 25.6.0 — CMC | 4.8 | Medium | 2026-03-04 |
| CVE-2025-40894 | HTML injection in Alerted Nodes Dashboard in Guardian/CMC before 25.6.0 — Guardian | 4.4 | Medium | 2026-03-04 |
| CVE-2026-2355 | My Calendar – Accessible Event Manager <= 3.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — My Calendar – Accessible Event Manager | 6.4 | Medium | 2026-03-04 |
| CVE-2026-1706 | All-in-One Video Gallery <= 4.7.1 - Reflected Cross-Site Scripting via 'vi' Parameter — All-in-One Video Gallery | 6.1 | Medium | 2026-03-04 |
| CVE-2026-1236 | Envira Gallery for WordPress <= 1.12.3 - Authenticated (Author+) Stored Cross-Site Scripting via 'justified_gallery_theme' Parameter via REST API — Envira Gallery – Image Photo Gallery, Albums, Video Gallery, Slideshows & More | 6.4 | Medium | 2026-03-04 |
| CVE-2026-28772 | Reflected XSS in IDC_Logging Index endpoint — SFX Series SuperFlex SatelliteReceiver Web Management Interface | 6.1 (AI) | Medium (AI) | 2026-03-04 |
| CVE-2026-28771 | Reflected XSS In /index.cgi Endpoint On IDC Satellite Receiver Web Management Interface Version 101 — SFX Series SuperFlex Satellite Receiver Web Management Interface | 6.1 (AI) | Medium (AI) | 2026-03-04 |
| CVE-2026-3240 | Concrete CMS below 9.4.8 is vulnerable to Stored XSS via Legacy form — Concrete CMS | 5.4 | - | 2026-03-04 |
| CVE-2026-3241 | Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (XSS) in the "Legacy Form" block. — Concrete CMS | 4.8 | - | 2026-03-04 |
| CVE-2026-3242 | Concrete CMS below 9.4.8 is vulnerable to Stored XSS in the Switch Language block — Concrete CMS | 4.8 | - | 2026-03-04 |
| CVE-2026-3244 | Concrete CMS below version 9.4.8 is vulnerable to Stored XSS in Search Results via Page Names — Concrete CMS | 4.8 | - | 2026-03-04 |
| CVE-2026-2292 | Morkva UA Shipping <= 1.7.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Weight, kg' Field — Morkva UA Shipping | 4.4 | Medium | 2026-03-04 |
| CVE-2026-2289 | Taskbuilder <= 5.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Block Emails' Field — Taskbuilder – Project Management & Task Management Tool With Kanban Board | 4.4 | Medium | 2026-03-04 |
| CVE-2026-1945 | WPBookit <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters — WPBookit | 7.2 | High | 2026-03-04 |
| CVE-2026-26272 | HomeBox affected by Stored XSS via HTML/SVG Attachment Upload — homebox | 4.6 | Medium | 2026-03-03 |
| CVE-2026-26266 | AliasVault affected by Cross-Site Scripting (XSS) via Email HTML Rendering — aliasvault | 9.3 | Critical | 2026-03-03 |
| CVE-2026-25590 | GLPI Inventory Plugin has Reflected XSS in task jobs — glpi-inventory-plugin | 4.5 | Medium | 2026-03-03 |
| CVE-2026-24415 | OpenSTAManager affected by reflected XSS in modifica_iva.php via righe parameter — openstamanager | 6.1 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2026-21866 | Dify - Stored XSS in chat — dify | 5.4 (AI) | Medium (AI) | 2026-03-03 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21520 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.