
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21489

21489 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-4852 | Image Source Control Lite – Show Image Credits and Captions <= 3.9.1 - Authenticated (Author+) Stored Cross-Site Scripting via 'Image Source' Field — Image Source Control Lite – Show Image Credits and Captions | 6.4 | Medium | 2026-04-20 |
| CVE-2026-23753 | GFI HelpDesk < 4.99.9 Stored XSS via charset Parameter — HelpDesk | 4.8 | Medium | 2026-04-20 |
| CVE-2026-23752 | GFI HelpDesk < 4.99.9 Stored XSS via companyname Parameter — HelpDesk | 4.8 | Medium | 2026-04-20 |
| CVE-2026-23756 | GFI HelpDesk < 4.99.9 Stored XSS via Troubleshooter Step Subject — HelpDesk | 5.4 | Medium | 2026-04-20 |
| CVE-2026-23758 | GFI HelpDesk < 4.99.9 Stored XSS via editsubject Parameter — HelpDesk | 5.4 (AI) | Medium (AI) | 2026-04-20 |
| CVE-2026-23757 | GFI HelpDesk < 4.99.10 Stored XSS via Reports Module — HelpDesk | 5.4 | Medium | 2026-04-20 |
| CVE-2026-6651 | erponline.xyz ERP Online Inventory Edit Item cross site scripting — ERP Online | 2.4 | Low | 2026-04-20 |
| CVE-2026-34429 | Vvveb < 1.0.8.1 Stored XSS via Media Upload and Rename — Vvveb | 5.4 | Medium | 2026-04-20 |
| CVE-2026-6648 | Qibo CMS Internal Message cross site scripting — CMS | 3.5 | Low | 2026-04-20 |
| CVE-2026-6633 | Yifang CMS Extended Management L_rbac_admin.php store cross site scripting — CMS | 3.5 | Low | 2026-04-20 |
| CVE-2026-6624 | BichitroGan ISP Billing Software Pool List add cross site scripting — ISP Billing Software | 2.4 | Low | 2026-04-20 |
| CVE-2026-6623 | BichitroGan ISP Billing Software Profile users-view cross site scripting — ISP Billing Software | 2.4 | Low | 2026-04-20 |
| CVE-2026-6622 | BichitroGan ISP Billing Software Customer edit cross site scripting — ISP Billing Software | 2.4 | Low | 2026-04-20 |
| CVE-2026-6619 | langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting — dify | 3.5 | Low | 2026-04-20 |
| CVE-2026-32963 | Silex SD-330AC and Silex AMC Manager security vulnerability — SD-330AC | 6.1 (AI) | Medium (AI) | 2026-04-20 |
| CVE-2026-6600 | langflow-ai langflow Frontend React Component Rendering edit-message.tsx cross site scripting — langflow | 3.5 | Low | 2026-04-20 |
| CVE-2026-6593 | ComfyUI View Endpoint server.py cross site scripting — ComfyUI | 3.5 | Low | 2026-04-20 |
| CVE-2026-6592 | ComfyUI userdata Endpoint user_manager.py getuserdata cross site scripting — ComfyUI | 3.5 | Low | 2026-04-20 |
| CVE-2026-6559 | Wavlink WL-WN579A3 login.cgi sub_401F80 cross site scripting — WL-WN579A3 | 4.3 | Medium | 2026-04-19 |
| CVE-2026-0868 | EMC Scheduling Manager <= 4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via calendly Shortcode — EMC – Easily Embed Calendly Scheduling | 6.4 | Medium | 2026-04-19 |
| CVE-2026-2986 | Contextual Related Posts <= 4.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'other_attributes' — Contextual Related Posts | 6.4 | Medium | 2026-04-18 |
| CVE-2026-2505 | Categories Images <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'z_taxonomy_image' Shortcode — Categories Images | 5.4 | Medium | 2026-04-18 |
| CVE-2026-0894 | Content Blocks (Custom Post Widget) <= 3.3.9 - Authenticated (Author+) Stored Cross-Site Scripting via content_block Shortcode — Content Blocks (Custom Post Widget) | 6.4 | Medium | 2026-04-18 |
| CVE-2026-6048 | Flipbox Addon for Elementor <= 2.1.1 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Attributes — Flipbox Addon for Elementor | 6.4 | Medium | 2026-04-18 |
| CVE-2026-4801 | Page Builder Gutenberg Blocks <= 3.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via External iCal Feed Data — Page Builder Gutenberg Blocks – CoBlocks | 6.4 | Medium | 2026-04-18 |
| CVE-2026-1559 | Youzify <= 1.3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'checkin_place_id' Parameter — Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | 6.4 | Medium | 2026-04-18 |
| CVE-2026-1838 | Hostel <= 1.1.6 - Reflected Cross-Site Scripting via 'shortcode_id' Parameter — Hostel | 6.1 | Medium | 2026-04-18 |
| CVE-2026-40487 | Postiz Has Unrestricted File Upload via MIME Type Spoofing that Leads to Stored XSS — postiz-app | 8.9 | High | 2026-04-18 |
| CVE-2026-40593 | ChurchCRM: Stored XSS in UserEditor.php via Login Name Field — CRM | 4.8 | Medium | 2026-04-18 |
| CVE-2026-40483 | ChurchCRM: Stored XSS in PledgeEditor.php via Donation Comment Field — CRM | 5.4 | Medium | 2026-04-17 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21489 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.