CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21521

21521 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-2932	YiFang CMS Extended Management D_adPosition.php update cross site scripting — CMS	2.4	Low	2026-02-22
CVE-2026-2897	funadmin Backend index.html cross site scripting — funadmin	2.4	Low	2026-02-22
CVE-2026-27469	Isso: Stored XSS via comment website field — isso	6.1	Medium	2026-02-21
CVE-2026-27210	Pannellum has a XSS vulnerability in hot spot attributes — pannellum	6.1^AI	Medium^AI	2026-02-21
CVE-2026-27196	Statamic affected by privilege escalation via stored Cross-site Scripting — cms	8.1	High	2026-02-21
CVE-2026-27169	OpenSift: Persistent XSS Chat Tool Rendering — OpenSift	8.9	High	2026-02-20
CVE-2026-27147	GetSimple CMS: Stored Cross-Site Scripting (XSS) via SVG File Upload (Authenticated) — GetSimpleCMS-CE	5.4^AI	Medium^AI	2026-02-20
CVE-2019-25454	phpMoAdmin 1.1.5 Stored Cross-Site Scripting via collection Parameter — phpMoAdmin	6.1	Medium	2026-02-20
CVE-2019-25453	phpMoAdmin 1.1.5 Reflected Cross-Site Scripting via moadmin.php — phpMoAdmin	6.1	Medium	2026-02-20
CVE-2019-25449	OrientDB 3.0.17 Reflected Cross-Site Scripting via document endpoint — OrientDB	6.1	Medium	2026-02-20
CVE-2019-25448	OrientDB 3.0.17 Stored Cross-Site Scripting via User Creation — OrientDB	6.4	Medium	2026-02-20
CVE-2026-27122	Svelte SSR does not validate dynamic element tag names in `<svelte:element>` — svelte	6.1	-	2026-02-20
CVE-2026-27121	Svelte affected by cross-site scripting via spread attributes in Svelte SSR — svelte	6.1	-	2026-02-20
CVE-2026-27119	Svelte affected by XSS in SSR `<option>` element — svelte	6.1	-	2026-02-20
CVE-2026-27020	Photobooth has a XSS vulnerability in user input — photobooth	6.1^AI	Medium^AI	2026-02-20
CVE-2025-62326	HCL Digital Experience is susceptible to stored cross-site scripting (XSS) — Digital Experience	6.1	Medium	2026-02-20
CVE-2026-2472	Stored Cross-Site Scripting (XSS) in Vertex AI Python SDK Visualization — Vertex AI SDK for Python	6.1^AI	Medium^AI	2026-02-20
CVE-2019-25445	Fiverr Clone Script 1.2.2 Cross-Site Scripting via search-results.php — Fiverr Clone Script	6.1	Medium	2026-02-20
CVE-2026-27506	SVXportal <= 2.5 Profile Update Stored XSS — SVXportal	6.1	Medium	2026-02-20
CVE-2026-27505	SVXportal <= 2.5 admin/user_action.php Stored XSS — SVXportal	6.1	Medium	2026-02-20
CVE-2026-27504	SVXportal <= 2.5 radiomobile_front.php stationid Reflected XSS — SVXportal	6.1	Medium	2026-02-20
CVE-2026-27503	SVXportal <= 2.5 admin/log.php Search Reflected XSS — SVXportal	6.1	Medium	2026-02-20
CVE-2026-27502	SVXportal <= 2.5 log.php Search Reflected XSS — SVXportal	6.1	Medium	2026-02-20
CVE-2025-15583	detronetdip E-commerce function.php get_safe_value cross site scripting — E-commerce	3.5	Low	2026-02-20
CVE-2026-24955	WordPress Whizz Plugins plugin <= 1.9 - Reflected Cross Site Scripting (XSS) vulnerability — Whizz Plugins	7.1	High	2026-02-20
CVE-2026-27072	WordPress PixelYourSite – Your smart PIXEL (TAG) Manager plugin <= 11.2.0.1 - Cross Site Scripting (XSS) vulnerability — PixelYourSite – Your smart PIXEL (TAG) Manager	7.1	High	2026-02-20
CVE-2026-24948	WordPress Reflector plugin <= 1.2.2 - Reflected Cross Site Scripting (XSS) vulnerability — Reflector	7.1	High	2026-02-20
CVE-2026-24949	WordPress PhotoMe theme <= 5.7.1 - Cross Site Scripting (XSS) vulnerability — PhotoMe	7.1	High	2026-02-20
CVE-2026-24943	WordPress Grand Conference theme <= 5.3.4 - Reflected Cross Site Scripting (XSS) vulnerability — Grand Conference	7.1	High	2026-02-20
CVE-2026-22357	WordPress Link Whisper Free plugin <= 0.9.2 - Cross Site Scripting (XSS) vulnerability — Link Whisper Free	7.1	High	2026-02-20

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21521 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21521