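CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21527

21527 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.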

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-13450 | SourceCodester Online Shop Project register.php cross site scripting — Online Shop Project | 3.5 | Low | 2025-11-20 |
| CVE-2025-13415 | icret EasyImages SVG Image upload.php cross site scripting — EasyImages | 3.5 | Low | 2025-11-19 |
| CVE-2025-11884 | Cross-site Scripting vulnerability discovered in OpenText™ Universal Discovery and CMDB — uCMDB | 4.8 (AI) | Medium (AI) | 2025-11-19 |
| CVE-2025-13412 | Campcodes Retro Basketball Shoes Online Store admin_running.php cross site scripting — Retro Basketball Shoes Online Store | 2.4 | Low | 2025-11-19 |
| CVE-2025-65095 | Lookyloo is vulnerable due to improper user input sanitization — lookyloo | 6.1 (AI) | Medium (AI) | 2025-11-19 |
| CVE-2025-65019 | Astro Cloudflare adapter has a Stored Cross Site Scripting vulnerability in /_image endpoint — astro | 5.4 | Medium | 2025-11-19 |
| CVE-2025-11963 | Reflected XSS in Saysis's StarCities — StarCities | 5.4 | Medium | 2025-11-19 |
| CVE-2024-8528 | ALC WebCTRL Carrier i-Vu Reflected XSS due to unsanitized parameter — WebCtrl | 6.1 (AI) | Medium (AI) | 2025-11-19 |
| CVE-2025-13206 | GiveWP - Donation Plugin and Fundraising Platform <= 4.13.0 - Unauthenticated Stored Cross-Site Scripting via 'name' — GiveWP – Donation Plugin and Fundraising Platform | 7.2 | High | 2025-11-19 |
| CVE-2025-12484 | Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers <= 1.12.19 - Unauthenticated Stored Cross-Site Scripting — Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers | 7.2 | High | 2025-11-19 |
| CVE-2025-12878 | FunnelKit – Funnel Builder for WooCommerce Checkout <= 3.13.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wfop_phone Shortcode — FunnelKit – Funnel Builder for WooCommerce Checkout | 6.4 | Medium | 2025-11-19 |
| CVE-2025-12710 | Pet-Manager – Petfinder <= 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via kwm-petfinder Shortcode — Pet-Manager – Petfinder | 6.4 | Medium | 2025-11-19 |
| CVE-2025-13054 | User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor <= 3.14.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | 6.4 | Medium | 2025-11-19 |
| CVE-2025-6251 | Royal Elementor Addons and Templates <= 1.7.1036 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for Elementor | 6.4 | Medium | 2025-11-19 |
| CVE-2025-65013 | LibreNMS vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint `/maps/nodeimage` parameter `Image Name` — librenms | 6.2 | Medium | 2025-11-18 |
| CVE-2025-65012 | Kirby CMS has cross-site scripting (XSS) in the changes dialog — kirby | 4.6 (AI) | Medium (AI) | 2025-11-18 |
| CVE-2025-64325 | Emby Server is Vulnerable to Remote Code Execution Through XSS in Admin Dashboard — Emby.Security | 4.3 (AI) | Medium (AI) | 2025-11-18 |
| CVE-2025-12761 | Simple multi step form - Moderately critical - Cross-site Scripting - SA-CONTRIB-2025-116 — Simple multi step form | 6.1 (AI) | Medium (AI) | 2025-11-18 |
| CVE-2025-13349 | SourceCodester Student Grades Management System Add New Grade grades.php cross site scripting — Student Grades Management System | 3.5 | Low | 2025-11-18 |
| CVE-2025-59117 | Multiple Stored XSS in Windu CMS — Windu CMS | 4.8 (AI) | Medium (AI) | 2025-11-18 |
| CVE-2025-59115 | Stored XSS in Windu CMS — Windu CMS | 5.4 (AI) | Medium (AI) | 2025-11-18 |
| CVE-2025-13343 | SourceCodester Interview Management System editQuestion.php cross site scripting — Interview Management System | 3.5 | Low | 2025-11-18 |
| CVE-2025-41350 | Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este — WinPlus | 5.4 (AI) | Medium (AI) | 2025-11-18 |
| CVE-2025-41349 | Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este — WinPlus | 5.4 (AI) | Medium (AI) | 2025-11-18 |
| CVE-2025-12691 | Photonic Gallery & Lightbox for Flickr, SmugMug & Others <= 3.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Caption Attribute — Photonic Gallery & Lightbox for Flickr, SmugMug & Others | 6.4 | Medium | 2025-11-18 |
| CVE-2025-12457 | Enable SVG, WebP, and ICO Upload <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploads — Enable SVG, WebP, and ICO Upload | 6.4 | Medium | 2025-11-18 |
| CVE-2025-12088 | Meta Display Block <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Meta Display Block | 6.4 | Medium | 2025-11-18 |
| CVE-2025-12079 | WP Twitter Auto Publish <= 1.7.4 - Reflected Cross-Site Scripting via PostMessage — WP Twitter Auto Publish | 6.1 | Medium | 2025-11-18 |
| CVE-2025-13196 | Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget — Element Pack – Widgets, Templates & Addons for Elementor | 5.4 | Medium | 2025-11-18 |
| CVE-2025-4212 | Checkout Files Upload for WooCommerce <= 2.2.1 - Unauthenticated Stored Cross-Site Scripting — Checkout Files Upload for WooCommerce | 7.2 | High | 2025-11-18 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.