Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21524

21524 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-22881 Cybozu Garoon 跨站脚本漏洞 — Cybozu Garoon 6.1AIMediumAI2026-02-02
CVE-2026-20711 Cybozu Garoon 跨站脚本漏洞 — Cybozu Garoon 6.1AIMediumAI2026-02-02
CVE-2026-1744 D-Link DSL-6641K sp_pppoe_user.js doSubmitPPP cross site scripting — DSL-6641K 2.4 Low2026-02-02
CVE-2023-54343 QWE DL 2.0.1 Persistent XSS Vulnerability via Path Parameter — QWE DL 6.4 Medium2026-02-01
CVE-2022-50952 Banco Guayaquil 8.0.0 Mobile iOS Cross-Site Scripting via Profile Name Input — Banco Guayaquil 6.4 Medium2026-02-01
CVE-2022-50951 WiFi File Transfer 1.0.8 Persistent XSS via Web Server Input Validation — WiFi File Transfer 6.4 Medium2026-02-01
CVE-2022-50941 BootCommerce 3.2.1 Persistent Cross-Site Scripting via Order Checkout — BootCommerce 6.4 Medium2026-02-01
CVE-2022-50942 Incinga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener — Incinga Web 5.4 Medium2026-02-01
CVE-2022-50940 Knap Advanced PHP Login 3.1.3 Persistent Cross-Site Scripting via Name Parameter — Knap Advanced PHP Login 6.4 Medium2026-02-01
CVE-2022-50797 Stripe Green Downloads Wordpress Plugin 2.03 Persistent XSS via Settings — Stripe Green Downloads 6.4 Medium2026-02-01
CVE-2021-47920 WebMO Job Manager 20.0 Cross-Site Scripting via Search Parameters — WebMO Job Manager 5.4 Medium2026-02-01
CVE-2021-47919 Simple CMS 2.1 Non-Persistent Cross-Site Scripting via Preview Parameter — Simple CMS 6.4 Medium2026-02-01
CVE-2021-47917 Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters — Simple CMS 6.4 Medium2026-02-01
CVE-2021-47914 PHP Melody 3.0 Persistent XSS Vulnerability via Edit Video Parameter — PHP Melody 6.4 Medium2026-02-01
CVE-2021-47913 PHP Melody 3.0 Persistent Cross-Site Scripting via Video Editor — PHP Melody 6.4 Medium2026-02-01
CVE-2021-47912 PHP Melody 3.0 Non-Persistent Cross-Site Scripting via Multiple Parameters — PHP Melody 6.4 Medium2026-02-01
CVE-2021-47911 Affiliate Pro 1.7 Reflected Cross-Site Scripting via Index Module — Affiliate Pro 5.4 Medium2026-02-01
CVE-2021-47908 Ultimate POS 4.4 Persistent Cross-Site Scripting via Product Name — Unknown 6.4 Medium2026-02-01
CVE-2021-47856 Easy Cart Shopping Cart 2021 Cross-Site Scripting via Search Parameter — Easy Cart Shopping Cart 6.4 Medium2026-02-01
CVE-2021-47885 Payment Terminal Multiple Versions Non-Persistent Cross-Site Scripting — PayPal PRO Payment Terminal 6.4 Medium2026-02-01
CVE-2025-14554 Sell BTC - Cryptocurrency Selling Calculator <= 1.5 - Unauthenticated Stored Cross-Site Scripting via 'orderform_data' AJAX Action — Sell BTC – Cryptocurrency Selling Calculator 7.2 High2026-01-31
CVE-2026-25156 HotCRP vulnerable to stored XSS via comment attachments — hotcrp 7.3 High2026-01-30
CVE-2020-37044 OpenCTI 3.3.1 - Cross Site Scripting — OpenCTI 5.4 Medium2026-01-30
CVE-2026-25154 LocalSend has Stored XSS in Web Share Interface via Filename — localsend 6.1 Medium2026-01-30
CVE-2026-1705 D-Link DSL-6641K Web ad_virtual_server_vdsl cross site scripting — DSL-6641K 2.4 Low2026-01-30
CVE-2026-1700 projectworlds House Rental and Property Listing sms.php cross site scripting — House Rental and Property Listing 3.5 Low2026-01-30
CVE-2020-37022 OpenZ ERP 3.6.60 - Persistent Cross-Site Scripting — OpenZ ERP 6.4 Medium2026-01-30
CVE-2020-37019 Orchard Core RC1 - Persistent Cross-Site Scripting — Orchard Core 6.4 Medium2026-01-30
CVE-2020-37014 Tryton 5.4 - Persistent Cross-Site Scripting — Tryton 6.4 Medium2026-01-30
CVE-2020-36996 PHPFusion 9.03.50 - Persistent Cross-Site Scripting — PHPFusion 6.4 Medium2026-01-30

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21524 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.