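CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21524

21524 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.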

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12368 | Sermon Manager <= 2.30.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Sermon Manager | 6.4 | Medium | 2025-12-05 |
| CVE-2025-12163 | Omnipress <= 1.6.5 - Authenticated (Author+) Stored Cross-Site Scripting — Omnipress | 6.4 | Medium | 2025-12-05 |
| CVE-2025-12124 | FitVids for WordPress <= 4.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting — FitVids for WordPress | 4.4 | Medium | 2025-12-05 |
| CVE-2025-13512 | CoSign Single Signon <= 0.3.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — CoSign Single Signon | 6.1 | Medium | 2025-12-05 |
| CVE-2025-12417 | SurveyFunnel – Survey Plugin for WordPress <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — SurveyFunnel – Survey Plugin for WordPress | 6.4 | Medium | 2025-12-05 |
| CVE-2025-12804 | Booking Calendar <= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode — Booking Calendar | 6.4 | Medium | 2025-12-05 |
| CVE-2025-66563 | Monkeytype vulnerable to stored XSS in approve quotes page — monkeytype | 6.1 (AI) | Medium (AI) | 2025-12-04 |
| CVE-2025-66561 | SysReptor Vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) — sysreptor | 7.3 | High | 2025-12-04 |
| CVE-2025-6946 | WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in IPS Configuration — Fireware OS | 4.8 (AI) | Medium (AI) | 2025-12-04 |
| CVE-2025-13939 | WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Gateway Wireless Controller — Fireware OS | 5.4 (AI) | Medium (AI) | 2025-12-04 |
| CVE-2025-13938 | WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Autotask Technology Integration Configuration — Fireware OS | 5.4 (AI) | Medium (AI) | 2025-12-04 |
| CVE-2025-13937 | WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in ConnectWise Technology Integration Configuration — Fireware OS | 5.4 (AI) | Medium (AI) | 2025-12-04 |
| CVE-2025-13936 | WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Tigerpaw Technology Integration Configuration — Fireware OS | 4.8 (AI) | Medium (AI) | 2025-12-04 |
| CVE-2025-65959 | Open WebUI vulnerable to Stored DOM XSS via Note 'Download PDF' — open-webui | 8.7 | High | 2025-12-04 |
| CVE-2025-66574 | TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS) — TranzAxis | 5.4 (AI) | Medium (AI) | 2025-12-04 |
| CVE-2023-53735 | WEBIGniter 28.7.23 Cross-Site Scripting (XSS) in User Creation Process — WEBIGniter | 6.1 (AI) | Medium (AI) | 2025-12-04 |
| CVE-2025-13488 | Nexus Repository 3 - Stored Cross-Site Scripting (XSS) — Nexus Repository | 4.8 (AI) | Medium (AI) | 2025-12-04 |
| CVE-2025-14013 | JIZHICMS Comment addcomment.html cross site scripting — JIZHICMS | 2.4 | Low | 2025-12-04 |
| CVE-2025-14007 | dayrui XunRuiCMS Domain Name Binding admin79f2ec220c7e.php cross site scripting — XunRuiCMS | 2.0 | Low | 2025-12-04 |
| CVE-2025-14006 | dayrui XunRuiCMS Add Data Validation admind45f74adbd95.php cross site scripting — XunRuiCMS | 3.5 | Low | 2025-12-04 |
| CVE-2025-14005 | dayrui XunRuiCMS Add Display Name Field admind45f74adbd95.php cross site scripting — XunRuiCMS | 2.4 | Low | 2025-12-04 |
| CVE-2025-41080 | Multiple vulnerabilities in Seafile — Seafile | 5.4 (AI) | Medium (AI) | 2025-12-04 |
| CVE-2025-41079 | Multiple vulnerabilities in Seafile — Seafile | 5.4 (AI) | Medium (AI) | 2025-12-04 |
| CVE-2025-13513 | Clik stats <= 0.8 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Clik stats | 6.1 | Medium | 2025-12-04 |
| CVE-2025-11727 | Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting — Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto | 7.2 | High | 2025-12-04 |
| CVE-2025-65027 | RomM Chained XSS and CSRF Vulnerabilities Enable Admin Account Takeover — romm | 7.6 | High | 2025-12-03 |
| CVE-2025-20385 | Stored Cross-Site scripting (XSS) through Anchor Tag "href" in Navigation Bar Collections in Splunk Enterprise — Splunk Enterprise | 2.4 | Low | 2025-12-03 |
| CVE-2025-13401 | Autoptimize <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting — Autoptimize | 6.4 | Medium | 2025-12-03 |
| CVE-2025-13448 | CSSIgniter Shortcodes <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute — CSSIgniter Shortcodes | 6.4 | Medium | 2025-12-03 |
| CVE-2025-66468 | Aimeos GrapesJS CMS extension possible stores XSS exploitable by authenticated editors — ai-cms-grapesjs | 7.7 | High | 2025-12-02 |

21524 CVEs are classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.