CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21527

21527 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-26391 | SolarWinds Observability Self-Hosted XSS Vulnerability — SolarWinds Observability Self-Hosted | 5.4 | Medium | 2025-11-18 |
| CVE-2025-12078 | ArtiBot Free Chat Bot for WebSites <= 1.1.7 - Reflected Cross-Site Scripting via PostMessage — ArtiBot Free Chat Bot for WebSites | 6.1 | Medium | 2025-11-18 |
| CVE-2025-11868 | everviz <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — everviz – Charts, Maps and Tables – Interactive and responsive | 6.4 | Medium | 2025-11-18 |
| CVE-2025-8609 | RTMKit Addons <= 1.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Repeater Block Attribute — RTMKit | 6.4 | Medium | 2025-11-18 |
| CVE-2025-8605 | Gutenify - Visual Site Builder Blocks & Site Templates <= 1.5.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Count Up block — Gutenify – Visual Site Builder Blocks & Site Templates. | 6.4 | Medium | 2025-11-18 |
| CVE-2025-12823 | CSV to SortTable <= 4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — CSV to SortTable | 6.4 | Medium | 2025-11-18 |
| CVE-2025-55059 | Maxum Rumpus FTP Server Cross-Site Scripting Vulnerability — FTP Server | 4.8 | Medium | 2025-11-17 |
| CVE-2025-55056 | Maxum Rumpus FTP Server Cross-Site Scripting Vulnerability — FTP Server | 4.8 | Medium | 2025-11-17 |
| CVE-2025-64758 | @dependencytrack/frontend Vulnerable to Persistent Cross-Site-Scripting via Welcome Message — frontend | 4.8 | Medium | 2025-11-17 |
| CVE-2025-40834 | Siemens Mendix RichText Cross-Site Scripting Vulnerability — Mendix RichText | 5.7 | Medium | 2025-11-17 |
| CVE-2025-13245 | code-projects Student Information System editprofile.php cross site scripting — Student Information System | 3.5 | Low | 2025-11-16 |
| CVE-2025-13244 | code-projects Student Information System register.php cross site scripting — Student Information System | 4.3 | Medium | 2025-11-16 |
| CVE-2025-13232 | projectsend File Editor/Custom Download Aliases cross site scripting — projectsend | 3.5 | Low | 2025-11-16 |
| CVE-2025-13202 | code-projects Simple Cafe Ordering System add_to_cart cross site scripting — Simple Cafe Ordering System | 3.5 | Low | 2025-11-15 |
| CVE-2025-13186 | Bdtask/CodeCanyon Isshue Multi Store eCommerce Shopping Cart Solution manage_customer cross site scripting — Isshue Multi Store eCommerce Shopping Cart Solution | 2.4 | Low | 2025-11-14 |
| CVE-2025-13182 | pojoin h3blog addtitle cross site scripting — h3blog | 3.5 | Low | 2025-11-14 |
| CVE-2025-13181 | pojoin h3blog add cross site scripting — h3blog | 3.5 | Low | 2025-11-14 |
| CVE-2025-10018 | Multiple Stored XSS in QuickCMS — QuickCMS | 4.8 | - | 2025-11-14 |
| CVE-2025-12904 | SNORDIAN's H5PxAPIkatchu <= 0.4.17 - Unauthenticated Stored Cross-Site Scripting via insert_data — SNORDIAN's H5PxAPIkatchu | 7.2 | High | 2025-11-14 |
| CVE-2025-64744 | OpenObserve Vulnerable to HTML Injection in Organization Invitation Emails — openobserve | 3.5 | Low | 2025-11-13 |
| CVE-2025-64745 | Astro development server error page vulnerable to reflected Cross-site Scripting — astro | 2.7 | Low | 2025-11-13 |
| CVE-2025-59840 | Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable — vega | 8.1 | High | 2025-11-13 |
| CVE-2025-20353 | Cisco Catalyst Center Cross-Site Scripting Vulnerability — Cisco Digital Network Architecture Center (DNA Center) | 6.1 | Medium | 2025-11-13 |
| CVE-2025-62482 | Zoom Workplace for Windows - Cross-site Scripting — Zoom Workplace | 4.3 | Medium | 2025-11-13 |
| CVE-2025-40681 | Cross-Site Scripting (XSS) in xCally Omnichannel — Omnichannel | 6.1 | - | 2025-11-13 |
| CVE-2025-64383 | WordPress Qi Blocks plugin <= 1.4.3 - Cross Site Scripting (XSS) vulnerability — Qi Blocks | 6.5 | Medium | 2025-11-13 |
| CVE-2025-64380 | WordPress Booster for WooCommerce plugin <= 7.3.2 - Cross Site Scripting (XSS) vulnerability — Booster for WooCommerce | 6.5 | Medium | 2025-11-13 |
| CVE-2025-64381 | WordPress Booking Calendar plugin <= 10.14.7 - Cross Site Scripting (XSS) vulnerability — Booking Calendar | 6.5 | Medium | 2025-11-13 |
| CVE-2025-64292 | WordPress Analytics Germanized for Google Analytics plugin <= 1.6.2 - Cross Site Scripting (XSS) vulnerability — Analytics Germanized for Google Analytics | 6.5 | Medium | 2025-11-13 |
| CVE-2025-64275 | WordPress Booking Manager plugin <= 2.1.17 - Cross Site Scripting (XSS) vulnerability — Booking Manager | 6.5 | Medium | 2025-11-13 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.