CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21527

21527 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-11802 | Bulma Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Bulma Shortcodes | 6.4 | Medium | 2025-11-21 |
| CVE-2025-11763 | Display Pages Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Display Pages Shortcode | 6.4 | Medium | 2025-11-21 |
| CVE-2025-13135 | HotelRunner Booking Widget <= 5.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — HotelRunner Booking Widget | 6.4 | Medium | 2025-11-21 |
| CVE-2025-11764 | Shortcodes Bootstrap <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Shortcodes Bootstrap | 6.4 | Medium | 2025-11-21 |
| CVE-2025-11799 | Affiliate AI Lite <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Affiliate AI Lite | 6.4 | Medium | 2025-11-21 |
| CVE-2025-12135 | WPBookit <= 1.0.6 - Unauthenticated Stored Cross-Site Scripting — WPBookit | 7.2 | High | 2025-11-21 |
| CVE-2025-13159 | Flo Forms – Easy Drag & Drop Form Builder <= 1.0.43 - Unauthenticated Stored Cross-Site Scripting via SVG Upload — Flo Forms – Easy Drag & Drop Form Builder | 7.1 | High | 2025-11-21 |
| CVE-2025-11885 | EchBay Admin Security <= 1.3.0 - Reflected Cross-Site Scripting — EchBay Admin Security | 6.1 | Medium | 2025-11-21 |
| CVE-2025-11770 | BrightTALK WordPress Shortcode <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — BrightTALK WordPress Shortcode | 6.4 | Medium | 2025-11-21 |
| CVE-2025-11768 | Islamic Phrases <= 2.12.2015 - Authenticated (Contributor+) Stored Cross-Site Scripting — Islamic Phrases | 6.4 | Medium | 2025-11-21 |
| CVE-2025-11767 | Tips Shortcode <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Tips Shortcode | 6.4 | Medium | 2025-11-21 |
| CVE-2025-11801 | AudioTube <= 0.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — AudioTube | 6.4 | Medium | 2025-11-21 |
| CVE-2025-11765 | Stock Tools <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Stock Tools | 6.4 | Medium | 2025-11-21 |
| CVE-2025-12661 | Pollcaster Shortcode Plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Pollcaster Shortcode Plugin | 6.4 | Medium | 2025-11-21 |
| CVE-2025-12660 | Padlet Shortcode <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Padlet Shortcode | 6.4 | Medium | 2025-11-21 |
| CVE-2025-12746 | Tainacan <= 1.0.0 - Reflected Cross-Site Scripting — Tainacan | 6.1 | Medium | 2025-11-21 |
| CVE-2025-61949 | LogStare Collector Cross-Site Scripting Vulnerability — LogStare Collector (for Windows) | 5.4 | - | 2025-11-21 |
| CVE-2025-13484 | Campcodes Complete Online Beauty Parlor Management System customer-list.php cross site scripting — Complete Online Beauty Parlor Management System | 2.4 | Low | 2025-11-20 |
| CVE-2025-62459 | Microsoft Defender Portal Spoofing Vulnerability — Microsoft 365 Defender Portal | 8.3 | High | 2025-11-20 |
| CVE-2025-36153 | IBM Concert Cross-Site Scripting — Concert | 6.1 | Medium | 2025-11-20 |
| CVE-2025-35029 | Medical Informatics Engineering Enterprise Health stored cross site scripting via Demographic Information page — Enterprise Health | 3.5 | Low | 2025-11-20 |
| CVE-2025-62731 | Stored XSS in SOPlanning — SOPlanning | 5.4 | - | 2025-11-20 |
| CVE-2025-62729 | Stored XSS in SOPlanning — SOPlanning | 5.4 | - | 2025-11-20 |
| CVE-2025-62297 | Stored XSS in SOPlanning — SOPlanning | 5.4 | - | 2025-11-20 |
| CVE-2025-62296 | Stored XSS in SOPlanning — SOPlanning | 5.4 | - | 2025-11-20 |
| CVE-2025-62295 | Stored XSS in SOPlanning — SOPlanning | 5.4 | - | 2025-11-20 |
| CVE-2025-13469 | Public Knowledge Project omp/ojs Payment Instructions Setting paymentForm.tpl cross site scripting — omp | 2.4 | Low | 2025-11-20 |
| CVE-2025-0643 | XSS in Narkom Communication Technologies' Pyxis Signage — Pyxis Signage | 7.2 | High | 2025-11-20 |
| CVE-2025-64984 | Kaspersky Endpoint Security and Kaspersky Industrial CyberSecurity for Linux Nodes Security Vulnerability — Kaspersky Endpoint Security | 6.1 | Medium | 2025-11-20 |
| CVE-2025-5092 | Multiple Plugins and Themes <= (Various Versions) - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via lightGallery JavaScript Library — LightGallery WP | 6.4 | Medium | 2025-11-20 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.