CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21524

21524 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-0557 | WP Data Access <= 5.5.63 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpda_app' Shortcode — WP Data Access – App Builder for Tables, Forms, Charts, Maps & Dashboards | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1795 | Address Bar Ads <= 1.0.0 - Reflected Cross-Site Scripting — Address Bar Ads | 6.1 | Medium | 2026-02-14 |
| CVE-2026-1903 | Ravelry Designs Widget <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sb_ravelry_designs' Shortcode 'layout' Attribute — Ravelry Designs Widget | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1939 | Percent to Infograph <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Percent to Infograph | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1792 | Geo Widet <= 1.0 - Reflected Cross-Site Scripting — Geo Widget | 6.1 | Medium | 2026-02-14 |
| CVE-2026-1901 | QuestionPro Surveys <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — QuestionPro Surveys | 6.4 | Medium | 2026-02-14 |
| CVE-2026-0751 | Payment Page \| Payment Form for Stripe <= 1.4.6 - Authenticated (Author+) Stored Cross-Site Scripting via 'pricing_plan_select_text_font_family' Parameter — Payment Page \| Payment Form for Stripe | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1796 | StyleBidet <= 1.0.0 - Reflected Cross-Site Scripting — StyleBidet | 6.1 | Medium | 2026-02-14 |
| CVE-2026-1912 | Citations tools <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute — Citations tools | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1164 | Easy Voice Mail <= 1.2.5 - Unauthenticated Stored Cross-Site Scripting via 'message' — Easy Voice Mail | 6.1 | Medium | 2026-02-14 |
| CVE-2026-1904 | Simple Wp colorfull Accordion <= 1.0 - Authenticated (Contributor+) Cross-Site Scripting via 'title' Shortcode Attribute — Simple Wp colorfull Accordion | 6.4 | Medium | 2026-02-14 |
| CVE-2026-1754 | personal-authors-category <= 0.3 - Reflected Cross-Site Scripting — personal-authors-category | 6.1 | Medium | 2026-02-14 |
| CVE-2026-2027 | AMP Enhancer <= 1.0.49 - Authenticated (Administrator+) Stored Cross-Site Scripting via AMP Custom CSS Setting — AMP Enhancer – Compatibility Layer for Official AMP Plugin | 4.4 | Medium | 2026-02-14 |
| CVE-2026-1841 | PixelYourSite <= 11.2.0 - Unauthenticated Stored Cross-Site Scripting — PixelYourSite – Your smart PIXEL (TAG) & API Manager | 7.2 | High | 2026-02-13 |
| CVE-2026-1844 | PixelYourSite PRO <= 12.4.0.2 - Unauthenticated Stored Cross-Site Scripting — PixelYourSite Pro – Your smart PIXEL (TAG) Manager | 7.2 | High | 2026-02-13 |
| CVE-2026-26226 | beautiful-mermaid < 0.1.3 SVG Attribute Injection — beautiful-mermaid | 6.1 AI | Medium AI | 2026-02-13 |
| CVE-2026-1578 | HP App – Potential Cross-Site Scripting — HP App | 6.1 AI | Medium AI | 2026-02-13 |
| CVE-2026-26188 | Solspace Freeform plugin affected by Stored Cross-Site Scripting (XSS) in Freeform Craft Plugin CP UI (builder/integrations) — craft-freeform | 5.4 AI | Medium AI | 2026-02-12 |
| CVE-2019-25324 | RICOH Web Image Monitor 1.09 - HTML Injection — RICOH Web Image Monitor | 6.1 | Medium | 2026-02-12 |
| CVE-2019-25323 | Heatmiser Netmonitor 3.03 - HTML Injection — Heatmiser Netmonitor | 6.1 | Medium | 2026-02-12 |
| CVE-2026-1320 | Secure Copy Content Protection and Content Locking <= 4.9.8 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header — Secure Copy Content Protection and Content Locking | 7.2 | High | 2026-02-12 |
| CVE-2025-13002 | XSS in Farktor Software's E-Commerce Package — E-Commerce Package | 8.2 | High | 2026-02-12 |
| CVE-2026-1316 | Customer Reviews for WooCommerce <= 5.97.0 - Unauthenticated Stored Cross-Site Scripting via media[].href Parameter — Customer Reviews for WooCommerce | 7.2 | High | 2026-02-12 |
| CVE-2026-2276 | Reflected Cross-Site Scripting in the Wix web application — web application | 5.4 AI | Medium AI | 2026-02-12 |
| CVE-2026-26023 | Client‑side DOM XSS in the web chat app of Dify when using echarts — dify | 6.1 AI | Medium AI | 2026-02-11 |
| CVE-2020-37153 | ASTPP VoIP 4.0.1 - Remote Code Execution — ASTPP | 9.8 | Critical | 2026-02-11 |
| CVE-2026-25759 | Statmatic affected by privilege escalation via stored cross-site scripting — cms | 8.7 | High | 2026-02-11 |
| CVE-2026-25868 | MiniGal Nano <= 0.3.5 Reflected XSS via dir Parameter — MiniGal Nano | 6.1 AI | Medium AI | 2026-02-11 |
| CVE-2019-25317 | Kimai 2- persistent cross-site scripting (XSS) — Kimai | 6.4 | Medium | 2026-02-11 |
| CVE-2019-25315 | WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting — WP Server Log Viewer | 6.4 | Medium | 2026-02-11 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21524 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.