CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21524

21524 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-41748	Reflected XSS vulnerability in pxc_Dot1xCfg.php — FL SWITCH 2005	7.1	High	2025-12-09
CVE-2025-41749	Reflected XSS vulnerability in port_util.php — FL SWITCH 2005	7.1	High	2025-12-09
CVE-2025-41750	Reflected XSS vulnerability in pxc_PortCfg.php — FL SWITCH 2005	7.1	High	2025-12-09
CVE-2025-41751	Reflected XSS vulnerability in pxc_portCntr.php — FL SWITCH 2005	7.1	High	2025-12-09
CVE-2025-41752	Reflected XSS vulnerability in pxc_portSfp.php — FL SWITCH 2005	7.1	High	2025-12-09
CVE-2025-14284	Tiptap Editor 安全漏洞 — @tiptap/extension-link	6.1	Medium	2025-12-09
CVE-2025-13604	Login Security, FireWall, Malware removal by CleanTalk <= 2.168 - Unauthenticated Stored Cross-Site Scripting via Page URL — Login Security, FireWall, Malware removal by CleanTalk	7.2	High	2025-12-09
CVE-2025-66470	NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content — nicegui	6.1	Medium	2025-12-09
CVE-2025-66469	NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection — nicegui	6.1	Medium	2025-12-08
CVE-2025-12635	IBM WebSphere Application Server and WebSphere Application Server Liberty Cross-Site Scripting — WebSphere Application Server	5.4	Medium	2025-12-08
CVE-2025-42620	CSRF vulnerability in CIRCL Vulnerability-Lookup — Vulnerability-Lookup	5.4^AI	Medium^AI	2025-12-08
CVE-2025-14244	GreenCMS Menu Management CustomController.class.php cross site scripting — GreenCMS	2.4	Low	2025-12-08
CVE-2025-14228	Yealink SIP-T21P E2 Local Directory cross site scripting — SIP-T21P E2	3.5	Low	2025-12-08
CVE-2025-12956	Reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x — ENOVIA Collaborative Industry Innovator	8.7	High	2025-12-08
CVE-2025-14221	SourceCodester Online Banking System page cross site scripting — Online Banking System	3.5	Low	2025-12-08
CVE-2025-14205	code-projects Chamber of Commerce Membership Management System Your Info membership_profile.php cross site scripting — Chamber of Commerce Membership Management System	2.4	Low	2025-12-07
CVE-2025-14201	alokjaiswal Hotel-Management-services-using-MYSQL-and-php dishsub.php cross site scripting — Hotel-Management-services-using-MYSQL-and-php	2.4	Low	2025-12-07
CVE-2025-14200	alokjaiswal Hotel-Management-services-using-MYSQL-and-php Request Pending usersub.php cross site scripting — Hotel-Management-services-using-MYSQL-and-php	3.5	Low	2025-12-07
CVE-2025-14194	code-projects Employee Profile Management System view_personnel.php cross site scripting — Employee Profile Management System	3.5	Low	2025-12-07
CVE-2025-12499	Rich Shortcodes for Google Reviews <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Google Review — Rich Showcase for Google Reviews	7.2	High	2025-12-06
CVE-2025-13894	CSV Sumotto <= 1.0 - Reflected Cross-Site Scripting — CSV Sumotto	6.1	Medium	2025-12-06
CVE-2025-13857	Yet Another WebClap for WordPress <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Yet Another WebClap for WordPress	6.4	Medium	2025-12-06
CVE-2025-13856	Extra Post Images <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Extra Post Images	6.4	Medium	2025-12-06
CVE-2025-13863	RevInsite <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — RevInsite	6.4	Medium	2025-12-06
CVE-2025-12717	List Attachments Shortcode <= 0.4.1a - Authenticated (Author+) Stored Cross-Site Scripting via list-attachments Shortcode — List Attachments Shortcode	6.4	Medium	2025-12-06
CVE-2025-13907	CSS3 Buttons <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — CSS3 Buttons	6.4	Medium	2025-12-06
CVE-2025-12715	Canadian Nutrition Facts Label <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Nutrition Label Custom Post Type — Canadian Nutrition Facts Label	6.4	Medium	2025-12-06
CVE-2025-13656	Cute News Ticker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute — Cute News Ticker	6.4	Medium	2025-12-06
CVE-2025-13899	TR Timthumb <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — TR Timthumb	6.4	Medium	2025-12-06
CVE-2025-13308	Application Passwords <= 0.1.3 - Reflected Cross-Site Scripting via reject_url — Application Passwords	5.4	Medium	2025-12-06

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21524 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21524