Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21524

21524 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2019-25316 GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting — GOautodial 6.4 Medium2026-02-11
CVE-2019-25311 thesystem Persistent XSS — thesystem 6.4 Medium2026-02-11
CVE-2019-25312 InoERP 0.7.2 - Persistent Cross-Site Scripting — InoERP 5.4 Medium2026-02-11
CVE-2018-25157 Phraseanet 4.0.3 Stored XSS via Document Upload — Phraseanet DAM Open Source 6.4 Medium2026-02-11
CVE-2026-2344 Stored XSS on Plunet BusinessManager — Plunet BusinessManager 8.8AIHighAI2026-02-11
CVE-2025-8668 Reflected XSS in E-Kalite Software Hardware Engineering's Turboard — Turboard 9.4 Critical2026-02-11
CVE-2026-2337 Refleccted XSS on Plunet BusinessManager — Plunet BusinessManager 9.6AICriticalAI2026-02-11
CVE-2025-14560 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab 7.3 High2026-02-11
CVE-2026-0595 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab 7.3 High2026-02-11
CVE-2025-13650 REFLECTED CROSS-SITE SCRIPTING (XSS) ON MICROCOM'S ZEUSWEB — ZeusWeb 6.1AIMediumAI2026-02-11
CVE-2025-13649 REFLECTED CROSS-SITE SCRIPTING (XSS) ON MICROCOM'S ZEUSWEB — ZeusWeb 5.4AIMediumAI2026-02-11
CVE-2025-13648 STORED CROSS-SITE SCRIPTING (XSS) ON MICROCOM'S ZEUSWEB — ZeusWeb 5.4AIMediumAI2026-02-11
CVE-2026-0815 Category Image <= 2.0 - Authenticated (Editor+) Stored Cross-Site Scripting via 'tag-image' Parameter — Category Image 4.4 Medium2026-02-11
CVE-2026-1827 IDE Micro code-editor <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Shortcode Attribute — IDE Micro code-editor 6.4 Medium2026-02-11
CVE-2026-1826 OpenPOS Lite <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — OpenPOS Lite – Point of Sale for WooCommerce 6.4 Medium2026-02-11
CVE-2026-1809 HTML Shortcodes <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — HTML Shortcodes 6.4 Medium2026-02-11
CVE-2026-0724 WPlyr Media Block <= 1.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via '_wplyr_accent_color' Parameter — WPlyr Media Block 4.4 Medium2026-02-11
CVE-2026-1804 WDES Responsive Popup <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'attr' Shortcode Attribute — WDES Responsive Popup 6.4 Medium2026-02-11
CVE-2026-1821 Microtango <= 0.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Microtango 6.4 Medium2026-02-11
CVE-2026-1853 BuddyHolis ListSearch <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'placeholder' Shortcode Attribute — BuddyHolis ListSearch 6.4 Medium2026-02-11
CVE-2026-1885 Slideshow Wp <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute — Slideshow Wp 6.4 Medium2026-02-11
CVE-2025-15440 iONE360 configurator <= 2.0.57 - Unauthenticated Stored Cross-Site Scripting via Contact Form Parameters — iONE360 configurator 7.2 High2026-02-11
CVE-2025-10913 XSS in saastech.io's TemizlikYolda — TemizlikYolda 8.3 High2026-02-11
CVE-2026-1893 Orbisius Random Name Generator <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_label' Shortcode Attribute — Orbisius Random Name Generator 6.4 Medium2026-02-11
CVE-2026-1231 Beaver Builder Page Builder – Drag and Drop Website Builder <= 2.10.0.5 - Authenticated (Custom+) Missing Authorization to Stored Cross-Site Scripting via Global Settings — Beaver Builder Page Builder – Drag and Drop Website Builder 6.4 Medium2026-02-11
CVE-2026-1571 Reflected XSS Vulnerability on TP-Link Archer C60 — Archer C60 v3 6.1AIMediumAI2026-02-11
CVE-2026-21529 Azure HDInsight Spoofing Vulnerability — Azure HDInsight 5.7 Medium2026-02-10
CVE-2026-24045 Docmost Affected by Stored XSS in Public Share Page — docmost 7.3 High2026-02-10
CVE-2025-52436 Fortinet FortiSandbox 跨站脚本漏洞 — FortiSandbox 7.9 High2026-02-10
CVE-2025-11004 Reflected XSS vulnerability in Simplicity Device Manager tool — Simplicity Device Manager 6.3AIMediumAI2026-02-10

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21524 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.