CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21524

21524 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-40587 | Siemens Polarion Cross-Site Scripting Vulnerability — Polarion V2404 | 7.6 | High | 2026-02-10 |
| CVE-2026-1922 | The Events Calendar Shortcode & Block <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — The Events Calendar Shortcode & Block | 6.4 | Medium | 2026-02-10 |
| CVE-2026-1866 | Name Directory <= 1.32.0 - Unauthenticated Stored Cross-Site Scripting via Double HTML-Entity Encoding in Submission Form — Name Directory | 7.2 | High | 2026-02-10 |
| CVE-2026-2099 | Flowring\|AgentFlow - Stored Cross-Site Scripting — AgentFlow | 5.4 | Medium | 2026-02-10 |
| CVE-2026-2098 | Flowring\|AgentFlow - Reflected Cross-site Scripting — AgentFlow | 6.1 | Medium | 2026-02-10 |
| CVE-2026-0996 | Fluent Forms <= 6.1.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via AI Form Builder Module — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | 6.4 | Medium | 2026-02-10 |
| CVE-2026-24325 | Cross Site Scripting (XSS) vulnerability in SAP BusinessObjects Enterprise (Central Management Console) — SAP BusinessObjects Enterprise (Central Management Console) | 4.8 | Medium | 2026-02-10 |
| CVE-2026-0505 | Multiple vulnerabilities in BSP Applications of SAP Document Management System — SAP Document Management System | 6.1 | Medium | 2026-02-10 |
| CVE-2026-25496 | Craft has a stored XSS in Number Prefix & Suffix Fields — cms | 5.4 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-25491 | Craft has a Stored XSS in Entry Types Name — cms | 5.4 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-25230 | FileRise affected by HTML Injection using color property in file tags — FileRise | 4.6 | Medium | 2026-02-09 |
| CVE-2026-1960 | Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes — Loggro Pymes | 5.4 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-1959 | Stored Cross-Site Scripting (XSS) vulnerability in Loggro Pymes — Loggro Pymes | 5.4 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-25847 | JetBrains PyCharm Cross-Site Scripting Vulnerability — PyCharm | 8.2 | High | 2026-02-09 |
| CVE-2026-2224 | code-projects Online Reviewer System btn_functions.php cross site scripting — Online Reviewer System | 3.5 | Low | 2026-02-09 |
| CVE-2025-7799 | Reflected XSS in Zirve Information Technologies' e-Taxpayer Accounting Website — e-Taxpayer Accounting Website | 8.6 | High | 2026-02-09 |
| CVE-2026-2222 | code-projects Online Reviewer System btn_functions.php cross site scripting — Online Reviewer System | 2.4 | Low | 2026-02-09 |
| CVE-2026-2214 | code-projects for Plugin AdminAddAlbum.php cross site scripting — for Plugin | 2.4 | Low | 2026-02-09 |
| CVE-2026-2201 | ZeroWdd studentmanager LeaveController.java addLeave cross site scripting — studentmanager | 2.4 | Low | 2026-02-09 |
| CVE-2026-2200 | heyewei JFinalCMS API Endpoint save cross site scripting — JFinalCMS | 2.4 | Low | 2026-02-09 |
| CVE-2026-2160 | SourceCodester Simple Responsive Tourism Website Master.php cross site scripting — Simple Responsive Tourism Website | 4.3 | Medium | 2026-02-08 |
| CVE-2026-2159 | SourceCodester Simple Responsive Tourism Website Registration Master.php cross site scripting — Simple Responsive Tourism Website | 4.3 | Medium | 2026-02-08 |
| CVE-2026-2156 | code-projects Online Student Management System Announcement Management index.php cross site scripting — Online Student Management System | 2.4 | Low | 2026-02-08 |
| CVE-2026-2154 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System Patient Registration registration.php cross site scripting — Patients Waiting Area Queue Management System | 4.3 | Medium | 2026-02-08 |
| CVE-2026-2150 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System checkin.php cross site scripting — Patients Waiting Area Queue Management System | 4.3 | Medium | 2026-02-08 |
| CVE-2026-2149 | SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System appointments.php cross site scripting — Patients Waiting Area Queue Management System | 4.3 | Medium | 2026-02-08 |
| CVE-2026-2145 | cym1102 nginxWebUI Web Management check cross site scripting — nginxWebUI | 3.5 | Low | 2026-02-08 |
| CVE-2026-1573 | OMIGO <= 3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — OMIGO | 6.4 | Medium | 2026-02-07 |
| CVE-2026-1611 | Wikiloops Track Player <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wikiloops Track Player | 6.4 | Medium | 2026-02-07 |
| CVE-2026-1613 | Wonka Slide <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wonka Slide | 6.4 | Medium | 2026-02-07 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21524 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.