Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21524

21524 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2020-36998 forma.lms The E-Learning Suite 2.3.0.2 - Persistent Cross-Site Scripting — E-Learning Suite 6.4 Medium2026-01-30
CVE-2020-37003 Sellacious eCommerce 4.6 - Persistent Cross-Site Scripting — Sellacious eCommerce 6.4 Medium2026-01-30
CVE-2020-36966 Dolibarr 11.0.3 - 'ldap.php' - Persistent Cross-Site Scripting — Dolibarr 6.4 Medium2026-01-30
CVE-2026-24855 ChurchCRM has Stored Cross-Site Scripting (XSS) in Create Events in Church Calendar, Leading to Account Takeover — CRM 5.4AIMediumAI2026-01-30
CVE-2025-9226 Stored XSS — ManageEngine OpManager 4.6 Medium2026-01-30
CVE-2026-1598 Bdtask Bhojon All-In-One Restaurant Management System User Information profile cross site scripting — Bhojon All-In-One Restaurant Management System 3.5 Low2026-01-29
CVE-2025-7713 Reflected XSS in Global Medya's PHP CMS — Content Management System (CMS) 7.5 High2026-01-29
CVE-2020-37018 GOautodial 4.0 - Persistent Cross-Site Scripting — GOautodial 6.4 Medium2026-01-29
CVE-2026-1469 Stored Cross-Site Scripting (XSS) in RLE NOVA's PlanManager — PlanManager 5.4AIMediumAI2026-01-29
CVE-2026-24769 NocoDB Vulnerable to Stored Cross-Site Scripting via SVG upload — nocodb 5.4AIMediumAI2026-01-28
CVE-2025-13983 Tagify - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-121 — Tagify 6.1AIMediumAI2026-01-28
CVE-2025-13981 AI (Artificial Intelligence) - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-119 — AI (Artificial Intelligence) 6.1AIMediumAI2026-01-28
CVE-2026-0749 Cross-Site Scripting Vulnerability in Drupal Form Builder Module — Drupal 6.1AIMediumAI2026-01-28
CVE-2025-67723 Discourse vulnerable to stored Cross-site Scripting via Katex in discourse-math plugin — discourse 4.6 Medium2026-01-28
CVE-2026-1520 rethinkdb Secondary Index cross site scripting — rethinkdb 2.4 Low2026-01-28
CVE-2020-36993 LimeSurvey <= 4.3.10 - 'Survey Menu' Persistent Cross-Site Scripting — LimeSurvey 5.4 Medium2026-01-28
CVE-2020-36988 PDW File Browser <= v1.3 - Cross-Site Scripting (XSS) — PDW File Browser 5.4 Medium2026-01-28
CVE-2025-14865 Passster – Password Protect Pages and Content <= 4.2.24 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Passster – Password Protect Pages and Content 6.4 Medium2026-01-28
CVE-2025-59900 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server — Sync Breeze Enterprise Server 5.4AIMediumAI2026-01-28
CVE-2025-59899 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server — Sync Breeze Enterprise Server 5.4AIMediumAI2026-01-28
CVE-2025-59898 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server — Sync Breeze Enterprise Server 5.4AIMediumAI2026-01-28
CVE-2025-59897 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server — Sync Breeze Enterprise Server 5.4AIMediumAI2026-01-28
CVE-2025-59896 Authenticated Cross-Site Scripting (XSS) vulnerability in Sync Breeze Enterprise Server — Sync Breeze Enterprise Server 5.4AIMediumAI2026-01-28
CVE-2026-0483 Stored Cross-Site Scripting (XSS) vulnerability in LiveHelperChat — LiveHelperChat 5.4AIMediumAI2026-01-28
CVE-2026-1399 WP Google Ad Manager Plugin <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Admin Settings — WP Google Ad Manager Plugin 4.4 Medium2026-01-28
CVE-2025-14283 BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.14 - Authenticated (Contributor+) Stored Cross-Site Scripting — BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library 6.4 Medium2026-01-28
CVE-2025-14063 SEO Links Interlinking <= 1.7.9.9.1 - Reflected Cross-Site Scripting via 'google_error' Parameter — SEO Links Interlinking 6.1 Medium2026-01-28
CVE-2026-1391 Vzaar Media Management <= 1.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Vzaar Media Management 5.3 Medium2026-01-28
CVE-2026-1053 Ivory Search <= 5.5.13 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'menu_gcse' and 'nothing_found_text' Parameters — Ivory Search – WordPress Search Plugin 4.4 Medium2026-01-28
CVE-2026-1381 Order Minimum/Maximum Amount Limits for WooCommerce <= 4.6.8 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via Hide Add to Cart Content Fields — Order Minimum/Maximum Amount Limits for WooCommerce 4.4 Medium2026-01-28

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21524 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.