CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21524

21524 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-25486	Craft Commerce has Stored XSS in Shipping Methods Name Field Leading to Potential Privilege Escalation — commerce	4.8^AI	Medium^AI	2026-02-03
CVE-2026-25485	Craft Commerce has Stored XSS in Shipping Categories (Name & Description) Fields Leading to Potential Privilege Escalation — commerce	4.8^AI	Medium^AI	2026-02-03
CVE-2026-25484	Craft Commerce has Stored XSS in Product Type Name — commerce	5.4^AI	Medium^AI	2026-02-03
CVE-2026-25483	Craft Commerce has Stored XSS via Order Status Message with potential database exfiltration — commerce	5.4^AI	Medium^AI	2026-02-03
CVE-2026-25482	Craft Commerce has Stored DOM XSS in Order Status Name (Reflects in "Recent Orders" Dashboard Widget) — commerce	5.4^AI	Medium^AI	2026-02-03
CVE-2026-24665	Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) via Student Assignment Upload — openeclass	8.7	High	2026-02-03
CVE-2026-24674	Open eClass is Vulnerable to Reflected Cross-Site Scripting (XSS) in Multiple Endpoints — openeclass	4.7	Medium	2026-02-03
CVE-2026-24672	Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in User Profile Fields — openeclass	7.3	High	2026-02-03
CVE-2026-24671	Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in Multiple High-Privilege User Fields — openeclass	6.1	Medium	2026-02-03
CVE-2020-37111	60CycleCMS 2.5.2 - 'news.php' Cross-site Scripting (XSS) Vulnerability — 60CycleCMS	6.1	Medium	2026-02-03
CVE-2020-37103	DotNetNuke 9.5 - Persistent Cross-Site Scripting — DotNetNuke	6.4	Medium	2026-02-03
CVE-2019-25265	Online Inventory Manager 3.2 - Persistent Cross-Site Scripting — Online Inventory Manager	6.4	Medium	2026-02-03
CVE-2019-25263	Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting — Zendesk App SweetHawk Survey	6.4	Medium	2026-02-03
CVE-2019-25264	Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting — IT Open Source Asset Management	6.4	Medium	2026-02-03
CVE-2026-23794	Apache Syncope: Reflected XSS on Enduser Login — Apache Syncope	6.1^AI	Medium^AI	2026-02-03
CVE-2026-24988	WordPress The Events Calendar Shortcode & Block plugin <= 3.1.1 - Cross Site Scripting (XSS) vulnerability — The Events Calendar Shortcode & Block	6.5	Medium	2026-02-03
CVE-2026-24958	WordPress JetElements For Elementor plugin <= 2.7.12.2 - Cross Site Scripting (XSS) vulnerability — JetElements For Elementor	6.5	Medium	2026-02-03
CVE-2026-24952	WordPress Seriously Simple Podcasting plugin <= 3.14.1 - Cross Site Scripting (XSS) vulnerability — Seriously Simple Podcasting	6.5	Medium	2026-02-03
CVE-2026-24938	WordPress Better Search plugin <= 4.2.1 - Cross Site Scripting (XSS) vulnerability — Better Search	5.9	Medium	2026-02-03
CVE-2025-7760	Reflected XSS in Ofisimo's Association Web Package Flora — Association Web Package Flora	7.6	High	2026-02-03
CVE-2025-6397	XSS in Ankara Hosting's web site — Website Software	8.6	High	2026-02-03
CVE-2025-67855	Mooodle: mooodle: information disclosure and script execution via reflected cross-site scripting	5.4	Medium	2026-02-03
CVE-2025-67850	Moodle: moodle: cross-site scripting vulnerability via inadequate input filtering in formula editor	7.3	High	2026-02-03
CVE-2025-67849	Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses	7.3	High	2026-02-03
CVE-2025-59902	HTML injection in NICE Chat — NICE Chat	6.1^AI	Medium^AI	2026-02-03
CVE-2025-41065	Stored Cross-Site Scripting (XSS) in LUNA from Luna Imaging — LUNA	5.4^AI	Medium^AI	2026-02-03
CVE-2025-8461	Reflected XSS in Seres Software's syWEB — syWEB	7.6	High	2026-02-03
CVE-2025-8456	Reflected XSS in Kod8 Software's Kod8 Individual and SME Website — Kod8 Individual and SME Website	7.6	High	2026-02-03
CVE-2026-1592	Stored XSS via Create New Layer Field found in Foxit PDF Editor Cloud — pdfonline.foxit.com	6.3	Medium	2026-02-03
CVE-2026-1591	Stored XSS via Attachments Feature in https://pdfonline.foxit.com/ — pdfonline.foxit.com	6.3	Medium	2026-02-03

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21524 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21524