
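CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.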

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-0540 | DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML — DOMPurify | 6.1 | Medium | 2026-03-03 |
| CVE-2025-15599 | DOMPurify XSS via Textarea Rawtext Bypass in SAFE_FOR_XML — DOMPurify | 6.1 | Medium | 2026-03-03 |
| CVE-2026-3343 | WatchGuard Firebox Reflected Cross-Site-Scripting (XSS) Vulnerability in Fireware Web UI — Fireware OS | 6.1 AI | Medium AI | 2026-03-03 |
| CVE-2026-2568 | WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms <= 1.1.5 - Unauthenticated Stored Cross-Site Scripting — WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | 7.2 | High | 2026-03-03 |
| CVE-2026-3455 | mailparser security vulnerability — mailparser | 6.1 | Medium | 2026-03-03 |
| CVE-2026-2583 | Blocksy <= 2.1.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via `blocksy_meta` Fields — Blocksy | 6.4 | Medium | 2026-03-02 |
| CVE-2026-28401 | NocoDB: Stored Cross-Site Scripting via Rich Text Cells — nocodb | 5.4 AI | Medium AI | 2026-03-02 |
| CVE-2026-28398 | NocoDB: Stored Cross-Site Scripting via Comments and Rich Text Cells — nocodb | 5.4 AI | Medium AI | 2026-03-02 |
| CVE-2026-28397 | NocoDB: Stored Cross-Site Scripting via Comments — nocodb | 5.4 AI | Medium AI | 2026-03-02 |
| CVE-2026-28359 | NocoDB: Stored Cross-Site Scripting via Rich Text Field — nocodb | 5.4 AI | Medium AI | 2026-03-02 |
| CVE-2026-28357 | NocoDB: Stored Cross-Site Scripting via Formula Cell — nocodb | 5.4 AI | Medium AI | 2026-03-02 |
| CVE-2025-52563 | Chamilo: Reflected XSS via page parameter — chamilo-lms | 6.1 AI | Medium AI | 2026-03-02 |
| CVE-2025-52475 | Chamilo: Reflected XSS via keyword_inactive parameter — chamilo-lms | 6.1 AI | Medium AI | 2026-03-02 |
| CVE-2025-52476 | Chamilo: Reflected XSS via keyword_active parameter — chamilo-lms | 6.1 AI | Medium AI | 2026-03-02 |
| CVE-2025-52470 | Chamilo: Stored Cross-Site Scripting (XSS) via Session Category Name — chamilo-lms | 4.8 | Medium | 2026-03-02 |
| CVE-2025-52468 | Chamilo: Stored XSS Vulnerability via CSV User Import — chamilo-lms | 8.8 | High | 2026-03-02 |
| CVE-2025-52482 | Chamilo: Stored XSS in glossary function via /main/glossary/index.php trigger in /main/tracking/course_log_resources.php — chamilo-lms | 8.3 | High | 2026-03-02 |
| CVE-2025-50186 | Chamilo: Stored XSS via Malicious CSV Filename in user_import.php — chamilo-lms | 4.8 | Medium | 2026-03-02 |
| CVE-2026-3412 | itsourcecode University Management System att_single_view.php cross site scripting — University Management System | 4.3 | Medium | 2026-03-02 |
| CVE-2026-3403 | PHPGurukul Student Record Management System edit-subject.php cross site scripting — Student Record Management System | 2.4 | Low | 2026-03-02 |
| CVE-2026-3402 | PHPGurukul Student Record Management System edit-course.php cross site scripting — Student Record Management System | 2.4 | Low | 2026-03-02 |
| CVE-2026-28561 | wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates — wpForo Forum | 5.5 | Medium | 2026-02-28 |
| CVE-2026-28560 | wpForo Forum 2.4.14 Stored XSS via Unsafe JSON Encoding in Inline Script — wpForo Forum | 5.5 | Medium | 2026-02-28 |
| CVE-2026-28558 | wpForo Forum 2.4.14 Stored XSS via SVG Avatar File Upload — wpForo Forum | 6.4 | Medium | 2026-02-28 |
| CVE-2026-3010 | TimePictra Stored Cross-Site Scripting — TimePictra | 6.1 | - | 2026-02-28 |
| CVE-2026-28426 | Statamic vulnerable to privilege escalation via stored cross-site scripting — cms | 8.7 | High | 2026-02-27 |
| CVE-2026-28355 | "PWA" Canarytoken Vulnerable to Stored Self Cross-Site Scripting — canarytokens | 6.1 | - | 2026-02-27 |
| CVE-2026-28338 | PMD Designer has Stored XSS in VBHTMLRenderer and YAHTMLRenderer via unescaped violation messages — pmd | 6.8 | Medium | 2026-02-27 |
| CVE-2026-28272 | Kiteworks Email Protection Gateway has a Cross-site Scripting vulnerability — security-advisories | 8.1 | High | 2026-02-27 |
| CVE-2026-26997 | ClipBucket v5 has Stored XSS via Collection name — clipbucket-v5 | 5.4 | - | 2026-02-27 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21520 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.