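CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.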

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2498 | WP Social Meta <= 1.0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings — WP Social Meta | 4.4 | Medium | 2026-02-26 |
| CVE-2026-2489 | TP2WP Importer <= 1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Watched domains' Textarea — TP2WP Importer | 4.4 | Medium | 2026-02-26 |
| CVE-2026-2029 | Livemesh Addons for Beaver Builder <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' and 'value' Shortcode Attributes — Livemesh Addons for Beaver Builder | 6.4 | Medium | 2026-02-26 |
| CVE-2026-2506 | EM Cost Calculator <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via 'customer_name' — EM Cost Calculator | 6.1 | Medium | 2026-02-26 |
| CVE-2026-27902 | Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers — svelte | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27901 | Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent` — svelte | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27616 | Vikunja Vulnerable to Stored Cross-Site Scripting (XSS) via Unsanitized SVG Attachment Upload Leading to Token Exposure — vikunja | 7.3 | High | 2026-02-25 |
| CVE-2026-27116 | Vikunja has Reflected HTML Injection via filter Parameter in Projects Module — vikunja | 6.1 | Medium | 2026-02-25 |
| CVE-2026-0752 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.0 | High | 2026-02-25 |
| CVE-2026-25736 | Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute — rucio | 6.1 | Medium | 2026-02-25 |
| CVE-2026-25735 | Rucio WebUI has a Stored Cross-site Scripting (XSS) vulnerability its Identity Name — rucio | 6.1 | Medium | 2026-02-25 |
| CVE-2026-25734 | Rucio WebUI has Stored Cross-site Scripting (XSS) in RSE Metadata — rucio | 6.1 | Medium | 2026-02-25 |
| CVE-2026-22720 | VMware Aria Operations stored cross-site scripting vulnerability — VMware Aria Operations | 8.0 | High | 2026-02-25 |
| CVE-2026-25733 | Rucio WebUI Vulnerable to Stored Cross-site Scripting (XSS) through Custom Rule Function — rucio | 7.3 | High | 2026-02-25 |
| CVE-2026-25136 | Rucio WebUI has a Reflected Cross-site Scripting Vulnerability — rucio | 8.1 | High | 2026-02-25 |
| CVE-2026-25743 | OpenEMR has Stored XSS in Questionnaire answers — openemr | 5.4 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-20091 | Cisco UCS Manager and FXOS Software Stored Cross-Site Scripting Vulnerability — Cisco Firepower Extensible Operating System (FXOS) | 4.8 | Medium | 2026-02-25 |
| CVE-2026-2367 | Secure Copy Content Protection and Content Locking <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attribute — Secure Copy Content Protection and Content Locking | 6.4 | Medium | 2026-02-25 |
| CVE-2026-3171 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System queue.php cross site scripting — Patients Waiting Area Queue Management System | 3.5 | Low | 2026-02-25 |
| CVE-2026-3170 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System patient-search.php cross site scripting — Patients Waiting Area Queue Management System | 2.4 | Low | 2026-02-25 |
| CVE-2026-1614 | Rise Blocks – A Complete Gutenberg Page Builder <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Site Identity Block Attributes — Rise Blocks – A Complete Gutenberg Page Builder | 6.4 | Medium | 2026-02-25 |
| CVE-2026-27645 | changedetection.io Vulnerable to Reflected XSS in RSS Single Watch Error Response — changedetection.io | 6.1 | Medium | 2026-02-25 |
| CVE-2026-27627 | Karakeep's Reddit plugin content bypasses DOMPurify sanitization, enabling stored XSS — karakeep | 8.2 | High | 2026-02-25 |
| CVE-2026-27639 | Mercator vulnerable to stored XSS via unescaped Blade directives in display templates — mercator | 5.4 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-27746 | SPIP jeux < 4.1.1 Reflected XSS via index Parameters — jeux | 6.1 | Medium | 2026-02-25 |
| CVE-2026-27612 | Repostat Vulnerable to Reflected Cross-Site Scripting (XSS) via repo prop in RepoCard — repostat | 6.1 | Medium | 2026-02-25 |
| CVE-2026-27621 | TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload — Core | 5.4 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-27614 | Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering — bugsink | 9.3 | Critical | 2026-02-25 |
| CVE-2026-27822 | Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover — rustfs | 9.1 | Critical | 2026-02-25 |
| CVE-2025-69231 | OpenEMR has a Stored XSS in GAD-7 Form that Enables Session Hijacking and Privilege Escalation — openemr | 8.7 | High | 2026-02-25 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21520 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.