
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12652 | Ungapped Widgets <= 1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ungapped Widgets | 6.4 | Medium | 2025-11-11 |
| CVE-2025-11873 | WP BBCode <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP BBCode | 6.4 | Medium | 2025-11-11 |
| CVE-2025-11822 | WP Bootstrap Tabs <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — WP Bootstrap Tabs | 6.4 | Medium | 2025-11-11 |
| CVE-2025-42886 | Reflected Cross-Site Scripting (XSS) vulnerability in SAP Business Connector — SAP Business Connector | 6.1 | Medium | 2025-11-11 |
| CVE-2025-11892 | DOM-based Cross-Site Scripting was identified in GitHub Enterprise Server Issues search allows privilege escalation and unauthorized workflow triggers — Enterprise Server | 6.1 | - | 2025-11-10 |
| CVE-2025-64501 | ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values — prosemirror_to_html | 7.6 | High | 2025-11-10 |
| CVE-2025-62780 | changedetection.io vulnerable to stored XSS in Watch update via API — changedetection.io | 3.5 | Low | 2025-11-10 |
| CVE-2025-64167 | Combodo iTop vulnerable to reflected XSS in webservices/export.php — iTop | 7.1 | High | 2025-11-10 |
| CVE-2025-48065 | Combodo iTop vulnerable to reflected XSS via objection edition form error — iTop | 8.8 | High | 2025-11-10 |
| CVE-2025-48055 | Combodo iTop has stored XSS in user portal's browse brick — iTop | 8.5 | High | 2025-11-10 |
| CVE-2025-47932 | Combodo iTop vulnerable to reflected XSS in ajax.render.php render_dashboard — iTop | 8.8 | High | 2025-11-10 |
| CVE-2025-47773 | Combodo iTop has XSS vulnerability in /pages/ajax.render.php — iTop | 8.8 | High | 2025-11-10 |
| CVE-2025-41001 | Cross-Site Scripting (XSS) in SOPlanning — SOPlanning | 5.4 | - | 2025-11-10 |
| CVE-2025-41107 | Stored XSS in Smart School — Smart Schoo | 6.1 | - | 2025-11-10 |
| CVE-2025-12920 | qianfox FoxCMS Product.php edit cross site scripting — FoxCMS | 2.4 | Low | 2025-11-09 |
| CVE-2025-12837 | aThemes Addons for Elementor <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Call To Action Widget — aThemes Addons for Elementor | 6.4 | Medium | 2025-11-08 |
| CVE-2025-12643 | Saphali LiqPay for donate <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Saphali LiqPay for donate | 6.4 | Medium | 2025-11-08 |
| CVE-2025-12125 | HTML Forms <= 1.5.5 - Authenticated (Admin+) Stored Cross-Site Scripting — HTML Forms – Simple WordPress Forms Plugin | 4.4 | Medium | 2025-11-08 |
| CVE-2025-12112 | Insert Headers and Footers Code – HT Script <= 1.1.6 - Authenticated (Author+) Stored Cross-Site Scripting — Insert Headers and Footers Code – HT Script | 6.4 | Medium | 2025-11-08 |
| CVE-2025-12193 | Mang Board WP <= 2.3.1 - Reflected Cross-Site Scripting — Mang Board WP | 6.1 | Medium | 2025-11-08 |
| CVE-2025-12064 | WP2Social Auto Publish <= 2.4.7 - Reflected Cross-Site Scripting via PostMessage — WP2Social Auto Publish | 6.1 | Medium | 2025-11-08 |
| CVE-2025-64495 | Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE — open-webui | 8.7 | High | 2025-11-08 |
| CVE-2025-64491 | SuiteCRM is vulnerable to unauthenticated reflected XSS through its Login page — SuiteCRM | 6.1 | Medium | 2025-11-08 |
| CVE-2025-64442 | HumHub is vulnerable to XSS through its Meta Search component — humhub | 6.1 | - | 2025-11-07 |
| CVE-2025-36135 | IBM Sterling B2B Integrator and IBM Sterling File Gateway are Vulnerable to Cross-Site Scripting — Sterling B2B Integrator | 5.4 | Medium | 2025-11-07 |
| CVE-2025-54167 | Notification Center — Notification Center | 5.4 | - | 2025-11-07 |
| CVE-2025-54168 | QuLog Center — QuLog Center | 5.4 | - | 2025-11-07 |
| CVE-2025-57706 | File Station 5 — File Station 5 | 5.4 | - | 2025-11-07 |
| CVE-2025-58465 | Download Station — Download Station | 5.4 | - | 2025-11-07 |
| CVE-2025-12520 | WP Airbnb Review Slider <= 4.2 - Authenticated (Admin+) Stored Cross-Site Scripting — WP Airbnb Review Slider | 4.0 | Medium | 2025-11-07 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.