CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27756 | SODOLA SL902-SWTGW124AS <= 200.1.20 Reflected XSS in Management Interface — SODOLA SL902-SWTGW124AS | 6.1 | Medium | 2026-02-27 |
| CVE-2026-3327 | Authenticated DatoCMS Web Previews Plugin Iframe Injection — Web Previews | 3.5 | - | 2026-02-27 |
| CVE-2025-11950 | Reflected XSS in Knowhy's EduAsist — EduAsist | 6.3 | Medium | 2026-02-27 |
| CVE-2026-24351 | Stored XSS in PluXml CMS — PluXml CMS | 4.8 | - | 2026-02-27 |
| CVE-2026-24350 | Stored XSS in PluXml CMS — PluXml CMS | 5.4 | - | 2026-02-27 |
| CVE-2026-1434 | Reflected XSS in Omega-PSIR — Omega-PSIR | 6.1 | - | 2026-02-27 |
| CVE-2025-14142 | Electric Enquiries <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button' Shortcode Attribute — Electric Enquiries | 6.4 | Medium | 2026-02-27 |
| CVE-2026-2362 | WP Accessibility <= 2.3.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via 'alt' Attribute — WP Accessibility | 6.4 | Medium | 2026-02-27 |
| CVE-2026-2383 | Simple Download Monitor <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field — Simple Download Monitor | 6.4 | Medium | 2026-02-27 |
| CVE-2025-14149 | Xpro Addons — 140+ Widgets for Elementor <= 1.4.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Scroller Widget box link — Xpro Addons — 140+ Widgets for Elementor | 6.4 | Medium | 2026-02-27 |
| CVE-2025-14040 | Automotive Car Dealership Business WordPress Theme <= 13.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call to Action Fields — Automotive Car Dealership Business WordPress Theme | 6.4 | Medium | 2026-02-27 |
| CVE-2026-3302 | SourceCodester Doctor Appointment System Sign Up register.php cross site scripting — Doctor Appointment System | 4.3 | Medium | 2026-02-27 |
| CVE-2026-28280 | `osctrl-admin` has Stored Cross-Site Scripting (XSS) in On-Demand Query List — osctrl | 6.1 | Medium | 2026-02-26 |
| CVE-2026-28274 | Initiative Vulnerable to Token Theft via Stored XSS in Document Uploads — initiative | 8.7 | High | 2026-02-26 |
| CVE-2026-27154 | Discourse has XSS when editing a malicious post — discourse | 5.4 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-2680 | Multiple vulnerabilities in A3factura software — A3factura | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-2679 | Multiple vulnerabilities in A3factura software — A3factura | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-2678 | Multiple vulnerabilities in A3factura software — A3factura | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-2677 | Multiple vulnerabilities in A3factura software — A3factura | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2025-14343 | Reflected XSS in Dokuzsoft Technology's E-Commerce Product — E-Commerce Product | 7.6 | High | 2026-02-26 |
| CVE-2025-64999 | Cross-site scripting in HTML logs of Synthetic Monitoring test services — Checkmk | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-28083 | WordPress Flatsome theme <= 3.20.5 - Cross Site Scripting (XSS) vulnerability — Flatsome | 6.5 | Medium | 2026-02-26 |
| CVE-2026-1696 | Missing security HTTP headers — PcVue | 6.5 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-1695 | XSS vulnerability upon unsuccessful authentication — PcVue | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27974 | Audiobookshelf Vulnerable to Stored XSS in WrappingMarquee.js via Audiobook Metadata (Mobile App Audio Player) — audiobookshelf-app | 4.8 | Medium | 2026-02-26 |
| CVE-2026-27963 | Audiobookshelf has Stored XSS in Tooltip.vue via Audiobook Metadata — audiobookshelf | 4.8 | Medium | 2026-02-26 |
| CVE-2026-27973 | Audiobookshelf has Stored XSS in ItemSearchCard.vue via Audiobook Metadata (Search Results on Mobile App) — audiobookshelf | 4.0 | Medium | 2026-02-26 |
| CVE-2026-27970 | Angular i18n vulnerable to Cross-Site Scripting (XSS) — angular | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27948 | Copyparty vulnerable to reflected cross-site scripting via setck parameter — copyparty | 5.4 | Medium | 2026-02-26 |
| CVE-2026-2499 | Custom Logo <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting — Custom Logo | 4.4 | Medium | 2026-02-26 |

21520 CVEs are classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.