Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21521

21521 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-68037 WordPress Export Media URLs plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability — Export Media URLs 6.1AIMediumAI2026-02-20
CVE-2025-68031 WordPress افزونه پیامک حرفه ای فراز اس ام اس plugin <= 2.7.3 - Reflected Cross Site Scripting (XSS) vulnerability — افزونه پیامک حرفه ای فراز اس ام اس 7.1 High2026-02-20
CVE-2025-67984 WordPress NPS computy plugin <= 2.8.2 - Cross Site Scripting (XSS) vulnerability — NPS computy 7.1 High2026-02-20
CVE-2025-67990 WordPress GMap Targeting plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability — GMap Targeting 7.1 High2026-02-20
CVE-2025-67991 WordPress User Extra Fields plugin <= 16.8 - Cross Site Scripting (XSS) vulnerability — User Extra Fields 7.1 High2026-02-20
CVE-2025-67978 WordPress Educare plugin <= 1.6.1 - Cross Site Scripting (XSS) vulnerability — Educare 7.1 High2026-02-20
CVE-2025-67972 WordPress Prague plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability — Prague 7.1 High2026-02-20
CVE-2025-67971 WordPress FluentCart plugin < 1.3.0 - Cross Site Scripting (XSS) vulnerability — FluentCart 7.1 High2026-02-20
CVE-2025-60183 WordPress Silencesoft RSS Reader Plugin <= 0.6 - Cross Site Scripting (XSS) Vulnerability — Silencesoft RSS Reader 5.9 Medium2026-02-20
CVE-2025-53233 WordPress Storyform plugin <= 0.6.14 - Cross Site Scripting (XSS) Vulnerability — Storyform 7.1 High2026-02-20
CVE-2025-53237 WordPress WP Wizard Cloak Plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability — WP Wizard Cloak 7.1 High2026-02-20
CVE-2025-53228 WordPress bbpress Simple Advert Units Plugin <= 0.41 - Cross Site Scripting (XSS) Vulnerability — bbpress Simple Advert Units 7.1 High2026-02-20
CVE-2025-53231 WordPress Easy Taxonomy Images plugin <= 1.0.1 - Cross Site Scripting (XSS) Vulnerability — Easy Taxonomy Images 7.1 High2026-02-20
CVE-2024-56208 WordPress NewsMash theme <= 1.0.71 - Cross Site Scripting (XSS) vulnerability — NewsMash 6.5 Medium2026-02-20
CVE-2024-52387 WordPress Master Addons plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability — Master Addons for Elementor 5.9 Medium2026-02-20
CVE-2024-51915 WordPress LiteSpeed Cache plugin <= 6.5.2 - Cross Site Scripting (XSS) vulnerability — LiteSpeed Cache 6.5 Medium2026-02-20
CVE-2024-50452 WordPress Nexter Blocks plugin <= 3.3.3 - Cross Site Scripting (XSS) vulnerability — Nexter Blocks 6.5 Medium2026-02-20
CVE-2024-50555 WordPress Elementor Website Builder plugin <= 3.29.0 - Cross Site Scripting (XSS) vulnerability — Elementor Website Builder 6.5 Medium2026-02-20
CVE-2026-2486 Master Addons For Elementor <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ma_el_bh_table_btn_text' — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits 6.4 Medium2026-02-20
CVE-2026-26370 WordPress plugin Survey Maker 跨站脚本漏洞 — Survey Maker 6.1AIMediumAI2026-02-20
CVE-2026-2825 rachelos WeRSS we-mp-rss Article fix.py fix_html cross site scripting — WeRSS we-mp-rss 3.5 Low2026-02-20
CVE-2026-26993 Flare has XSS vulnerability in Raw File Preview — Flare 4.6 Medium2026-02-20
CVE-2026-26992 LibreNMS has Stored Cross-Site Scripting via unsanitized /port-groups name — librenms 4.8 -2026-02-20
CVE-2026-2384 Quiz Maker <= 6.7.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Quiz Maker 6.4 Medium2026-02-20
CVE-2026-26991 LibreNMS vulnerable to Stored Cross-site Scripting through unsanitized /device-groups name — librenms 4.8 -2026-02-20
CVE-2026-27016 LibreNMS has Stored XSS in Custom OID - unit parameter missing strip_tags() — librenms 5.4 Medium2026-02-20
CVE-2026-26989 LibreNMS has Stored XSS in Alert Rule — librenms 4.3 Medium2026-02-20
CVE-2026-26987 LibreNMS affected by reflected XSS via email field — librenms 6.1 -2026-02-20
CVE-2026-27009 OpenClaw affected by Stored XSS in Control UI via unsanitized assistant name/avatar in inline script injection — openclaw 5.8 Medium2026-02-19
CVE-2025-9208 Stored-XSS vulnerability discovered in OpenText WSM Management Server. — Web Site Management Server 6.1AIMediumAI2026-02-19

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21521 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.