CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21527

21527 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13068 | Telegram Bot & Channel <= 4.1 - Unauthenticated Stored Cross-Site Scripting via Telegram Username — Telegram Bot & Channel | 7.2 | High | 2025-11-25 |
| CVE-2025-64730 | Sony SNC-CX600W cross-site scripting vulnerability — SNC-CX600W | 6.1 (AI) | Medium (AI) | 2025-11-25 |
| CVE-2025-10555 | Stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in DELMIA Service Process Engineer on Release 3DEXPERIENCE R2025x — DELMIA Service Process Engineer | 8.7 | High | 2025-11-24 |
| CVE-2025-10554 | Stored Cross-site Scripting (XSS) vulnerability affecting Requirements in ENOVIA Product Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x — ENOVIA Product Manager | 8.7 | High | 2025-11-24 |
| CVE-2025-41087 | Cross-Site Scripting (XSS) stored in Taclia's web application — Taclia's web application | 5.4 (AI) | Medium (AI) | 2025-11-24 |
| CVE-2025-12739 | Cross-Site Scripting (XSS) in Looker's Extension Loader leading to Admin Account Compromise — Looker | 7.6 (AI) | High (AI) | 2025-11-24 |
| CVE-2025-13584 | Eigenfocus Description cross site scripting — Eigenfocus | 3.5 | Low | 2025-11-24 |
| CVE-2025-13589 | Otsuka Information Technology\|FMS - Reflected Cross-site Scripting — FMS | 6.1 (AI) | Medium (AI) | 2025-11-24 |
| CVE-2025-13577 | PHPGurukul Hostel Management System register-complaint.php cross site scripting — Hostel Management System | 3.5 | Low | 2025-11-24 |
| CVE-2025-11186 | Cookie Notice & Compliance for GDPR / CCPA <= 2.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Cookie Notice & Compliance for GDPR / CCPA | 6.4 | Medium | 2025-11-22 |
| CVE-2025-66111 | WordPress Nelio Popups plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability — Nelio Popups | 6.5 | Medium | 2025-11-21 |
| CVE-2025-66098 | WordPress Travelers' Map plugin <= 2.3.2 - Cross Site Scripting (XSS) vulnerability — Travelers' Map | 6.5 | Medium | 2025-11-21 |
| CVE-2025-66092 | WordPress Accordion Slider plugin <= 1.9.13 - Cross Site Scripting (XSS) vulnerability — Accordion Slider | 6.5 | Medium | 2025-11-21 |
| CVE-2025-66090 | WordPress SKT Skill Bar plugin <= 2.5 - Cross Site Scripting (XSS) vulnerability — SKT Skill Bar | 6.5 | Medium | 2025-11-21 |
| CVE-2025-66091 | WordPress Stylish Cost Calculator plugin <= 8.1.5 - Cross Site Scripting (XSS) vulnerability — Stylish Cost Calculator | 6.5 | Medium | 2025-11-21 |
| CVE-2025-66093 | WordPress Extensions for Leaflet Map plugin <= 4.8 - Cross Site Scripting (XSS) vulnerability — Extensions for Leaflet Map | 6.5 | Medium | 2025-11-21 |
| CVE-2025-66081 | WordPress Head Meta Data plugin <= 20250327 - Cross Site Scripting (XSS) vulnerability — Head Meta Data | 5.9 | Medium | 2025-11-21 |
| CVE-2025-66067 | WordPress Funnel Builder by FunnelKit plugin <= 3.13.1.2 - Cross Site Scripting (XSS) vulnerability — Funnel Builder by FunnelKit | 6.5 | Medium | 2025-11-21 |
| CVE-2025-66066 | WordPress Envo Extra plugin <= 1.9.11 - Cross Site Scripting (XSS) vulnerability — Envo Extra | 6.5 | Medium | 2025-11-21 |
| CVE-2025-66057 | WordPress Bold Page Builder plugin <= 5.5.2 - Cross Site Scripting (XSS) vulnerability — Bold Page Builder | 6.5 | Medium | 2025-11-21 |
| CVE-2025-66053 | WordPress Enfold theme <= 7.1.2 - Cross Site Scripting (XSS) vulnerability — Enfold | 6.5 | Medium | 2025-11-21 |
| CVE-2025-12935 | FluentCRM - Marketing Automation For WordPress <= 2.9.84 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluentcrm_content' Shortcode — FluentCRM – Email Newsletter, Automation, Email Marketing, Email Campaigns, Optins, Leads, and CRM Solution | 6.4 | Medium | 2025-11-21 |
| CVE-2025-12160 | Simple User Registration <= 6.6 - Unauthenticated Stored Cross-Site Scripting — Simple User Registration | 7.2 | High | 2025-11-21 |
| CVE-2025-12964 | Magical Products Display <= 1.1.29 - Authenticated (Contributor+) Stored Cross-Site Scripting via MPD Pricing Table Widget — Magical Shop Builder – WooCommerce Template Builder for Elementor \| Shop, Cart, Checkout & Product Page Builder | 6.4 | Medium | 2025-11-21 |
| CVE-2025-12066 | WP Delete Post Copies <= 6.0.2 - Authenticated (Admin+) Stored Cross-Site Scripting — WP Delete Post Copies | 4.4 | Medium | 2025-11-21 |
| CVE-2025-11808 | Shortcode for Google Street View <= 0.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Shortcode for Google Street View | 6.4 | Medium | 2025-11-21 |
| CVE-2025-13141 | HT Mega – Absolute Addons For Elementor <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Tag Attribute Injection — HT Mega Addons for Elementor – Elementor Widgets & Template Builder | 6.4 | Medium | 2025-11-21 |
| CVE-2025-11826 | WP Company Info <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — WP Company Info | 6.4 | Medium | 2025-11-21 |
| CVE-2025-11803 | WPSite Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — WPSite Shortcode | 6.4 | Medium | 2025-11-21 |
| CVE-2025-11800 | Surbma \| MiniCRM Shortcode <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Surbma \| MiniCRM Shortcode | 6.4 | Medium | 2025-11-21 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.