CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21527

21527 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64264 | WordPress Popup addon for Ninja Forms plugin <= 3.5.1 - Cross Site Scripting (XSS) vulnerability — Popup addon for Ninja Forms | 5.9 | Medium | 2025-11-13 |
| CVE-2025-11769 | WordPress Content Flipper <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — WordPress Content Flipper | 6.4 | Medium | 2025-11-13 |
| CVE-2025-8397 | Save as PDF Button <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via restpackpdfbutton Shortcode — Save as PDF Button | 6.4 | Medium | 2025-11-13 |
| CVE-2025-10295 | Angel – Fashion Model Agency WordPress CMS Theme <= 3.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Angel – Fashion Model Agency WordPress CMS Theme | 6.4 | Medium | 2025-11-13 |
| CVE-2025-64711 | PrivateBin vulnerable to malicious filename use for self-XSS / HTML injection locally for users — PrivateBin | 3.9 | Low | 2025-11-13 |
| CVE-2025-64716 | Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode — anubis | 6.1 | - | 2025-11-13 |
| CVE-2025-64710 | Bitplatform Boilerplate has cross-site scripting vulnerability — bitplatform | 6.1 | - | 2025-11-13 |
| CVE-2025-13058 | soerennb eXtplorer Filename cross site scripting — eXtplorer | 3.5 | Low | 2025-11-12 |
| CVE-2025-11994 | Easy Email Subscription <= 1.3 - Unauthenticated Stored Cross-Site Scripting — Easy Email Subscription | 7.2 | High | 2025-11-12 |
| CVE-2025-61623 | Apache OFBiz: Reflected Cross-site Scripting — Apache OFBiz | 6.1 | - | 2025-11-12 |
| CVE-2025-11962 | Stored XSS in DivvyDrive Information Technologies' Digital Corporate Warehouse — Digital Corporate Warehouse | 7.3 | High | 2025-11-12 |
| CVE-2025-12872 | aEnrich\|eHRD - Stored Cross-Site Scripting — a+HRD | 5.4 | Medium | 2025-11-12 |
| CVE-2025-12869 | aEnrich\|eHRD - Stored Cross-Site Scripting — a+HRD | 4.8 | Medium | 2025-11-12 |
| CVE-2025-12018 | MembershipWorks <= 6.14 - Authenticated (Admin+) Stored Cross-Site Scripting — MembershipWorks – Membership, Events & Directory | 4.4 | Medium | 2025-11-12 |
| CVE-2025-62211 | Dynamics 365 Field Service (online) Spoofing Vulnerability — Dynamics 365 Field Service (online) | 8.7 | High | 2025-11-11 |
| CVE-2025-62210 | Dynamics 365 Field Service (online) Spoofing Vulnerability — Dynamics 365 Field Service (online) | 8.7 | High | 2025-11-11 |
| CVE-2025-12101 | Cross-Site Scripting (XSS) — ADC | 6.1 | - | 2025-11-11 |
| CVE-2025-9227 | Stored XSS — ManageEngine OpManager | 6.5 | Medium | 2025-11-11 |
| CVE-2025-41106 | Multiple vulnerabilities in Fairsketch's RISE CRM Framework — RISE CRM Framework | 7.2 | - | 2025-11-11 |
| CVE-2025-41105 | Multiple vulnerabilities in Fairsketch's RISE CRM Framework — RISE CRM Framework | 7.2 | - | 2025-11-11 |
| CVE-2025-41104 | Multiple vulnerabilities in Fairsketch's RISE CRM Framework — RISE CRM Framework | 7.2 | - | 2025-11-11 |
| CVE-2025-41103 | Multiple vulnerabilities in Fairsketch's RISE CRM Framework — RISE CRM Framework | 7.2 | - | 2025-11-11 |
| CVE-2025-41102 | Multiple vulnerabilities in Fairsketch's RISE CRM Framework — RISE CRM Framework | 7.2 | - | 2025-11-11 |
| CVE-2025-41101 | Multiple vulnerabilities in Fairsketch's RISE CRM Framework — RISE CRM Framework | 7.2 | - | 2025-11-11 |
| CVE-2025-11960 | Reflected XSS in Aryom's KVKNET — KVKNET | 6.1 | Medium | 2025-11-11 |
| CVE-2025-7633 | Stored XSS — ManageEngine Exchange Reporter Plus | 7.3 | High | 2025-11-11 |
| CVE-2025-7632 | Stored XSS — ManageEngine Exchange Reporter Plus | 7.3 | High | 2025-11-11 |
| CVE-2025-7430 | Stored XSS — ManageEngine Exchange Reporter Plus | 7.3 | High | 2025-11-11 |
| CVE-2025-7429 | Stored XSS — ManageEngine Exchange Reporter Plus | 7.3 | High | 2025-11-11 |
| CVE-2025-12667 | GitHub Gist Shortcode Plugin <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — GitHub Gist Shortcode Plugin | 6.4 | Medium | 2025-11-11 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) account for 21527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.