CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21506

21506 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-24906 | October CMS has Stored XSS in its Backend Editor Markup Classes — october | 8.2 | - | 2026-04-14 |
| CVE-2026-32196 | Windows Admin Center Spoofing Vulnerability — Windows Admin Center | 6.1 | Medium | 2026-04-14 |
| CVE-2026-20945 | Microsoft SharePoint Server Spoofing Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 4.6 | Medium | 2026-04-14 |
| CVE-2025-61886 | Fortinet FortiSandbox Cross-Site Scripting Vulnerability — FortiSandbox PaaS | 4.9 | Medium | 2026-04-14 |
| CVE-2026-39812 | Fortinet FortiSandbox Cross-Site Scripting Vulnerability — FortiSandbox | 4.3 | Medium | 2026-04-14 |
| CVE-2026-22154 | Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise Cross-Site Scripting Vulnerability — FortiSOAR PaaS | 4.4 | Medium | 2026-04-14 |
| CVE-2026-37980 | Org.keycloak.forms.login: keycloak: keycloak: arbitrary code execution via stored cross-site scripting (xss) in organization selection login page — Red Hat Build of Keycloak | 6.9 | Medium | 2026-04-14 |
| CVE-2026-4914 | Ivanti Neurons for ITSM Cross-Site Scripting Vulnerability — Neurons for ITSM (On-Premise) | 5.4 | Medium | 2026-04-14 |
| CVE-2026-4344 | Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Component Name — Fusion | 7.1 | High | 2026-04-14 |
| CVE-2026-4345 | Stored Cross-Site Scripting (XSS) Vulnerability in Design Name — Fusion | 7.1 | High | 2026-04-14 |
| CVE-2026-4369 | Stored Cross-Site Scripting (XSS) Vulnerability in Assembly Variant Name — Fusion | 7.1 | High | 2026-04-14 |
| CVE-2026-4479 | WholeSale Products Dynamic Pricing Management WooCommerce <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings — WholeSale Products Dynamic Pricing Management WooCommerce | 4.4 | Medium | 2026-04-14 |
| CVE-2026-4059 | ShopLentor <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | 6.4 | Medium | 2026-04-14 |
| CVE-2026-1607 | Surbma \| Booking.com <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Surbma \| Booking.com Shortcode | 6.4 | Medium | 2026-04-14 |
| CVE-2026-4388 | Form Maker by 10Web <= 1.15.40 - Unauthenticated Stored Cross-Site Scripting via Matrix Field Text Box — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | 7.2 | High | 2026-04-14 |
| CVE-2026-39426 | MaxKB: Stored XSS via Unsanitized iframe_render Parsing — MaxKB | 5.4 | - | 2026-04-14 |
| CVE-2026-39423 | Stored XSS via Eval Injection in EchartsRander Component — MaxKB | 5.4 | - | 2026-04-14 |
| CVE-2026-39422 | MaxKB has Stored XSS via ChatHeadersMiddleware — MaxKB | 5.4 | - | 2026-04-14 |
| CVE-2026-27683 | Reflected cross site scripting vulnerability in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence Platform | 4.1 | Medium | 2026-04-14 |
| CVE-2026-0512 | Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (SICF Handler in SRM Catalog) — SAP Supplier Relationship Management (SICF Handler in SRM Catalog) | 6.1 | Medium | 2026-04-14 |
| CVE-2026-6218 | aandrew-me ytDownloader Error Details Panel createTextNode cross site scripting — ytDownloader | 4.3 | Medium | 2026-04-13 |
| CVE-2026-6216 | DbGate SVG Icon String FontIcon.svelte cross site scripting — DbGate | 3.5 | Low | 2026-04-13 |
| CVE-2026-40038 | Pachno 1.0.6 Stored Cross-Site Scripting via Multiple Parameters — Pachno | 7.2 | High | 2026-04-13 |
| CVE-2026-23891 | Decidim has a Cross-site scripting (XSS) vulnerability via user name field — decidim | 8.0 | - | 2026-04-13 |
| CVE-2026-30812 | Stored Cross-Site Scripting in Event Comments via Filter Bypass — Pandora FMS | 6.1 | - | 2026-04-13 |
| CVE-2026-6184 | code-projects Simple Content Management System welcome.php cross site scripting — Simple Content Management System | 2.4 | Low | 2026-04-13 |
| CVE-2026-2728 | LibreNMS Security Vulnerability — librenms | 4.8 | - | 2026-04-13 |
| CVE-2025-15632 | 1Panel-dev MaxKB MdPreview chat.ts cross site scripting — MaxKB | 3.5 | Low | 2026-04-13 |
| CVE-2026-35565 | Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI — Apache Storm UI | 5.4 | - | 2026-04-13 |
| CVE-2026-6162 | PHPGurukul Company Visitor Management System bwdates-reports-details.php cross site scripting — Company Visitor Management System | 3.5 | Low | 2026-04-13 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21506 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.