
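CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21524

21524 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.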

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-13896 | Social Feed Gallery Portfolio <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute — Social Feed Gallery Portfolio | 6.4 | Medium | 2025-12-06 |
| CVE-2025-13898 | Ultra Skype Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_id' Shortcode Attribute — Ultra Skype Button | 6.4 | Medium | 2025-12-06 |
| CVE-2025-13137 | Live Sales Notification for Woocommerce – Woomotiv <= 3.6.3 - Reflected Cross-Site Scripting — Live Sales Notification for Woocommerce – Woomotiv | 6.1 | Medium | 2025-12-06 |
| CVE-2025-13626 | myLCO <= 0.8.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — myLCO | 6.1 | Medium | 2025-12-06 |
| CVE-2025-11263 | Link Whisper Free <= 0.8.8 - Reflected Cross-Site Scripting — Link Whisper Free | 6.1 | Medium | 2025-12-06 |
| CVE-2025-12510 | Widgets for Google Reviews <= 13.2.4 - Unauthenticated Stored Cross-Site Scripting via Google Reviews — Widgets for Google Reviews | 7.2 | High | 2025-12-06 |
| CVE-2025-66562 | TUUI vulnerable to Remote Code Execution (RCE) via XSS in Markdown ECharts Rendering — tuui | 9.6 | - | 2025-12-05 |
| CVE-2025-66554 | Nextcloud Contacts vulnerable to Stored XSS in contacts app via organisation and title field — security-advisories | 3.5 | Low | 2025-12-05 |
| CVE-2025-66514 | Nextcloud Mail stored HTML injection in subject text — security-advisories | 3.5 | Low | 2025-12-05 |
| CVE-2025-34265 | Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via rule-engines — WISE-DeviceOn Server | 5.4 | - | 2025-12-05 |
| CVE-2025-34263 | Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via plugin-config/dashboards/menus — WISE-DeviceOn Server | 5.4 | - | 2025-12-05 |
| CVE-2025-34266 | Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via plugin-config/addins/menus — WISE-DeviceOn Server | 5.4 | - | 2025-12-05 |
| CVE-2025-34264 | Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via dog/{agentId} — WISE-DeviceOn Server | 5.4 | - | 2025-12-05 |
| CVE-2025-34262 | Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devices/name/{agent_id} — WISE-DeviceOn Server | 5.4 | - | 2025-12-05 |
| CVE-2025-34258 | Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devicemap/plan — WISE-DeviceOn Server | 5.4 | - | 2025-12-05 |
| CVE-2025-34259 | Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devicemap/building — WISE-DeviceOn Server | 5.4 | - | 2025-12-05 |
| CVE-2025-34261 | Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via devicegroups/ — WISE-DeviceOn Server | 5.4 | - | 2025-12-05 |
| CVE-2025-34260 | Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via action/schedule — WISE-DeviceOn Server | 5.4 | - | 2025-12-05 |
| CVE-2025-34257 | Advantech WISE-DeviceOn Server < 5.4 Authenticated Stored XSS via action/defined — WISE-DeviceOn Server | 5.4 | - | 2025-12-05 |
| CVE-2025-13682 | Trail Manager <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting — Trail Manager | 4.4 | Medium | 2025-12-05 |
| CVE-2025-13614 | Cool Tag Cloud <= 2.29 - Authenticated (Contributor+) Stored Cross-Site Scripting — Cool Tag Cloud | 8.1 | High | 2025-12-05 |
| CVE-2025-13678 | Thai Lottery Widget <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Thai Lottery Widget | 6.4 | Medium | 2025-12-05 |
| CVE-2025-13739 | CryptX <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — CryptX | 6.4 | Medium | 2025-12-05 |
| CVE-2025-13515 | Nouri.sh Newsletter <= 1.0.1.3 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Nouri.sh Newsletter | 6.1 | Medium | 2025-12-05 |
| CVE-2025-12186 | Weekly Planner <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting — Weekly Planner | 4.4 | Medium | 2025-12-05 |
| CVE-2025-13860 | Easy Jump Links Menus <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Easy Jump Links Menus | 6.4 | Medium | 2025-12-05 |
| CVE-2025-12191 | PDF Catalog for WooCommerce <= 1.1.18 - Authenticated (Subscriber+) Stored Cross-Site Scripting — PDF Catalog for WooCommerce | 5.4 | Medium | 2025-12-05 |
| CVE-2025-13623 | Twitscription <= 0.1.1 - Reflected Cross-Site Scripting via admin.php PATH_INFO — Twitscription | 6.1 | Medium | 2025-12-05 |
| CVE-2025-13622 | Jabbernotification <= 0.99-RC2 - Reflected Cross-Site Scripting via admin.php PATH_INFO — Jabbernotification | 6.1 | Medium | 2025-12-05 |
| CVE-2025-13625 | WP-SOS-Donate Donation Sidebar Plugin <= 0.9.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — WP-SOS-Donate Donation Sidebar Plugin | 6.1 | Medium | 2025-12-05 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21524 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.