CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21527

21527 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13401 | Autoptimize <= 3.1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting — Autoptimize | 6.4 | Medium | 2025-12-03 |
| CVE-2025-13448 | CSSIgniter Shortcodes <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'element' Shortcode Attribute — CSSIgniter Shortcodes | 6.4 | Medium | 2025-12-03 |
| CVE-2025-66468 | Aimeos GrapesJS CMS extension possible stores XSS exploitable by authenticated editors — ai-cms-grapesjs | 7.7 | High | 2025-12-02 |
| CVE-2025-66460 | Lookyloo vulnerable to XSS due to lack of escaping in HTML elements passed to Datatables — lookyloo | 7.5 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-66459 | Lookyloo vulnerable to XSS due to unescaped error message passed to innerHTML — lookyloo | 6.1 (AI) | Medium (AI) | 2025-12-02 |
| CVE-2025-66458 | Lookyloo has multiple XSS due to unsafe use of f-strings in Markup — lookyloo | 6.1 (AI) | Medium (AI) | 2025-12-02 |
| CVE-2025-13505 | Stored XSS in Datateam's Datactive — Datactive | 4.8 | Medium | 2025-12-02 |
| CVE-2025-13731 | Nexter Extension <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Nexter Extension – Security, Performance, Code Snippets & Site Toolkit | 6.4 | Medium | 2025-12-02 |
| CVE-2025-40700 | Reflected Cross-Site Scripting (XSS) in Governalia by IDI Eikon — Governalia | 6.1 (AI) | Medium (AI) | 2025-12-02 |
| CVE-2025-13873 | The feature to import a survey is prone to stored Cross-Site Script attacks — Opinio | 5.4 (AI) | Medium (AI) | 2025-12-02 |
| CVE-2025-13007 | WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 3.20.3 - Unauthenticated Stored Cross-Site Scripting via External Content Import — WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets | 6.1 | Medium | 2025-12-02 |
| CVE-2025-13387 | Kadence WooCommerce Email Designer <= 1.5.17 - Unauthenticated Stored Cross-Site Scripting — Kadence WooCommerce Email Designer | 7.2 | High | 2025-12-02 |
| CVE-2025-13697 | BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library <= 2.2.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via `timestamp` Attribute — BlockArt Blocks – Gutenberg Blocks, Page Builder Blocks ,WordPress Block Plugin, Sections & Template Library | 6.4 | Medium | 2025-12-02 |
| CVE-2025-66412 | Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes — angular | 6.1 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-66403 | FileRise Vulnerable to Stored XSS via SVG Upload — FileRise | 4.6 | Medium | 2025-12-01 |
| CVE-2025-66312 | Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]` — grav | 5.4 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-66311 | Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters — grav | 5.4 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-66310 | Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab — grav | 5.4 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-66309 | Grav vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab — grav | 6.1 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-66308 | Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]` — grav | 5.4 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-13835 | WordPress Arconix Shortcodes plugin <= 2.1.20 - Cross Site Scripting (XSS) vulnerability — Arconix Shortcodes | 6.5 | Medium | 2025-12-01 |
| CVE-2025-41070 | Reflected Cross-site Scripting (XSS) in Sanoma's Clickedu — Clickedu | 6.1 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-13802 | jairiidriss RestaurantWebsite Make a Reservation cross site scripting — RestaurantWebsite | 4.3 | Medium | 2025-12-01 |
| CVE-2025-13795 | codingWithElias School Management System Edit Student Info student-view.php cross site scripting — School Management System | 2.4 | Low | 2025-11-30 |
| CVE-2025-13793 | winston-dsouza Ecommerce-Website GET Parameter header_menu.php cross site scripting — Ecommerce-Website | 4.3 | Medium | 2025-11-30 |
| CVE-2025-13784 | yungifez Skuul School Management System SVG File edit cross site scripting — Skuul School Management System | 2.4 | Low | 2025-11-30 |
| CVE-2025-66421 | Tryton sao cross-site scripting vulnerability — sao | 5.4 | Medium | 2025-11-30 |
| CVE-2025-66420 | Tryton sao cross-site scripting vulnerability — sao | 5.4 | Medium | 2025-11-30 |
| CVE-2025-66036 | Retro is vulnerable to XSS vulnerability in input handling component — Retro | 6.1 | Medium | 2025-11-29 |
| CVE-2025-13692 | Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload — Unlimited Elements for Elementor (Premium) | 7.2 | High | 2025-11-27 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.