CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21527

21527 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-59026 | Open-Xchange OX App Suite Security Vulnerability — OX App Suite | 5.4 | Medium | 2025-11-27 |
| CVE-2025-59025 | Open-Xchange OX App Suite Security Vulnerability — OX App Suite | 6.1 | Medium | 2025-11-27 |
| CVE-2025-30190 | Open-Xchange OX App Suite Security Vulnerability — OX App Suite | 5.4 | Medium | 2025-11-27 |
| CVE-2025-30186 | Open-Xchange OX App Suite Security Vulnerability — OX App Suite | 5.4 | Medium | 2025-11-27 |
| CVE-2025-13525 | WP Directory Kit <= 1.4.5 - Reflected Cross-Site Scripting via 'order_by' Parameter — WP Directory Kit | 6.1 | Medium | 2025-11-27 |
| CVE-2025-12123 | Customer Reviews Collector for WooCommerce <= 4.6.1 - Reflected Cross-Site Scripting — Customer Reviews Collector for WooCommerce | 6.1 | Medium | 2025-11-27 |
| CVE-2025-12185 | StaffList <= 3.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting — StaffList | 4.4 | Medium | 2025-11-27 |
| CVE-2025-12151 | Simple Folio <= 1.1.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Simple Folio | 6.4 | Medium | 2025-11-27 |
| CVE-2025-12670 | wp-twitpic <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — wp-twitpic | 6.4 | Medium | 2025-11-27 |
| CVE-2025-12713 | Soundslides <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundslides Shortcode — Soundslides | 6.4 | Medium | 2025-11-27 |
| CVE-2025-12649 | SortTable Post <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — SortTable Post | 6.4 | Medium | 2025-11-27 |
| CVE-2025-12712 | Shouty <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shouty Shortcode Attributes — Shouty | 6.4 | Medium | 2025-11-27 |
| CVE-2025-12666 | Google Drive upload and download link <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Google Drive upload and download link | 6.4 | Medium | 2025-11-27 |
| CVE-2024-5540 | ALC WebCTRL Carrier i-Vu Reflected Cross-Site Scripting — WebCTRL | 6.1 | - | 2025-11-27 |
| CVE-2025-66359 | Logpoint SIEM Cross-Site Scripting Vulnerability — SIEM | 8.5 | High | 2025-11-27 |
| CVE-2025-66040 | Spotipy has a XSS vulnerability in OAuth callback server — spotipy | 3.6 | Low | 2025-11-26 |
| CVE-2025-64130 | Zenitel TCIV-3+ Cross-site Scripting — TCIV-3+ | 9.8 | Critical | 2025-11-26 |
| CVE-2025-9163 | Houzez <= 4.1.6 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload — Houzez | 6.1 | Medium | 2025-11-26 |
| CVE-2025-66026 | REDAXO is Vulnerable to Reflected XSS in Mediapool Info Banner via args[types] — redaxo | 6.1 | Medium | 2025-11-26 |
| CVE-2025-66021 | OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization — java-html-sanitizer | 6.1 (AI) | Medium (AI) | 2025-11-26 |
| CVE-2025-12848 | XSS vulnerability when rendering filename in Webform Multiform — Drupal | 6.1 (AI) | Medium (AI) | 2025-11-26 |
| CVE-2025-66258 | Stored Cross-Site Scripting via XML Injection — Mozart FM Transmitter | 5.4 (AI) | Medium (AI) | 2025-11-26 |
| CVE-2025-65956 | Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags — formwork | 6.5 | Medium | 2025-11-25 |
| CVE-2025-21621 | GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format — geoserver | 6.1 | Medium | 2025-11-25 |
| CVE-2025-40890 | Stored Cross-Site Scripting (XSS) in Dashboards in Guardian/CMC before 25.4.0 — Guardian | 7.9 | High | 2025-11-25 |
| CVE-2025-12645 | Inline frame – Iframe <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Inline frame – Iframe | 6.4 | Medium | 2025-11-25 |
| CVE-2025-13311 | Just Highlight <= 1.0.3 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Highlight Color' Setting — Just Highlight | 4.4 | Medium | 2025-11-25 |
| CVE-2025-12025 | YouTube Subscribe <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID — YouTube Subscribe | 4.4 | Medium | 2025-11-25 |
| CVE-2025-12032 | ZWeb - Social Mobile <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting — Zweb Social Mobile – Ứng Dụng Nút Gọi Mobile | 4.4 | Medium | 2025-11-25 |
| CVE-2025-13383 | Job Board by BestWebSoft <= 1.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via $_GET Array Storage — Job Board by BestWebSoft | 6.1 | Medium | 2025-11-25 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.