Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21506

21506 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-5231 WP Statistics <= 14.16.4 - Unauthenticated Stored Cross-Site Scripting via 'utm_source' Parameter — WP Statistics – Simple, privacy-friendly Google Analytics alternative 7.2 High2026-04-17
CVE-2026-5162 Royal Addons for Elementor <= 1.7.1056 - Authenticated (Contributor+) Stored Cross-Site Scripting via Instagram Feed Widget — Royal Addons for Elementor – Addons and Templates Kit for Elementor 6.4 Medium2026-04-17
CVE-2026-40262 Note Mark has Stored XSS via Unrestricted Asset Upload — note-mark 8.7 High2026-04-16
CVE-2026-40922 SiYuan: Incomplete sanitization of bazaar README allows stored XSS via iframe srcdoc (incomplete fix for CVE-2026-33066) — siyuan 5.4AIMediumAI2026-04-16
CVE-2026-40322 SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE — siyuan 9.1 Critical2026-04-16
CVE-2026-2840 Email Encoder – Protect Email Addresses and Phone Numbers <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode — Email Encoder – Protect Email Addresses and Phone Numbers 6.4 Medium2026-04-16
CVE-2026-3369 Better Find and Replace – AI-Powered Suggestions <= 1.7.9 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Image Title — Better Find and Replace – AI-Powered Suggestions 5.4 Medium2026-04-16
CVE-2025-6024 Cross-Site Scripting via Authentication Endpoint in Multiple WSO2 Products Allows Redirection to Malicious Websites — WSO2 API Manager 6.1 Medium2026-04-16
CVE-2024-10242 Reflected Cross-Site Scripting via Authentication Endpoint in WSO2 API Manager Allows UI Modification and Redirection — WSO2 API Manager 6.1 Medium2026-04-16
CVE-2024-4867 Cross-Site Scripting via Developer Portal in WSO2 API Manager Enables UI Modification and Information Retrieval — WSO2 API Manager 5.4 Medium2026-04-16
CVE-2026-3876 Prismatic <= 3.7.3 - Unauthenticated Stored Cross-Site Scripting via 'prismatic_encoded' Pseudo-Shortcode — Prismatic 7.2 High2026-04-16
CVE-2026-3355 Customer Reviews for WooCommerce <= 5.101.0 - Reflected Cross-Site Scripting via 'crsearch' — Customer Reviews for WooCommerce 6.1 Medium2026-04-16
CVE-2026-3875 BetterDocs <= 4.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor 6.4 Medium2026-04-16
CVE-2025-13364 WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters <= 4.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'put_wpgm' Shortcode — WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters 6.4 Medium2026-04-16
CVE-2026-3995 OPEN-BRAIN <= 0.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting — OPEN-BRAIN 4.4 Medium2026-04-16
CVE-2026-1572 Livemesh Addons by Elementor <= 9.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via Plugin Settings — Livemesh Addons by Elementor 6.4 Medium2026-04-16
CVE-2026-3551 Custom New User Notification <= 1.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'User Mail Subject' Setting — Custom New User Notification 4.4 Medium2026-04-16
CVE-2026-5070 Vantage <= 1.20.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gallery Block Text Content — Vantage 6.4 Medium2026-04-16
CVE-2026-3878 WP Docs <= 2.2.9 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'wpdocs_options[icon_size]' — WP Docs 6.4 Medium2026-04-16
CVE-2026-4032 CodeColorer <= 0.10.1 - Unauthenticated Stored Cross-Site Scripting via 'class' attribute in 'cc' Comment Shortcode — CodeColorer 6.1 Medium2026-04-16
CVE-2026-3885 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via su_box Shortcode — WP Shortcodes Plugin — Shortcodes Ultimate 6.4 Medium2026-04-16
CVE-2026-3299 WP YouTube Lyte <= 1.7.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via lyte Shortcode — WP YouTube Lyte 6.4 Medium2026-04-16
CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer — prometheus 6.1 -2026-04-15
CVE-2026-1711 Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role. — Pega Infinity 4.8 -2026-04-15
CVE-2026-40186 ApostropheCMS: sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements — apostrophe 6.1 Medium2026-04-15
CVE-2026-35569 ApostropheCMS: Stored XSS in SEO Fields Leads to Authenticated API Data Exposure in ApostropheCMS — apostrophe 8.7 High2026-04-15
CVE-2026-33889 ApostropheCMS: Stored XSS via CSS Custom Property Injection in `@apostrophecms/color-field` Escaping Style Tag Context — apostrophe 5.4 Medium2026-04-15
CVE-2026-20059 Cisco Unity Connection Reflected Cross-Site Scripting Vulnerability — Cisco Unity Connection 6.1 Medium2026-04-15
CVE-2026-20132 Cisco Identity Services Engine Multiple Cross-Site Scripting Vulnerabilities — Cisco Identity Services Engine Software 4.8 Medium2026-04-15
CVE-2026-6370 WordPress Mini Ajax Cart for WooCommerce plugin <= 1.3.4 - Cross Site Scripting (XSS) vulnerability — Mini Ajax Cart for WooCommerce 5.9 Medium2026-04-15

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21506 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.