CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-12580	SMS for WordPress <= 1.1.8 - Reflected Cross-Site Scripting — SMS for WordPress	6.1	Medium	2025-11-05
CVE-2025-62722	LinkAce: Stored XSS Vulnerability in Link Title Field Through Social Media Sharing Feature — LinkAce	5.4^AI	Medium^AI	2025-11-04
CVE-2025-62715	ClipBucket v5: Stored XSS via Collection Tags — clipbucket-v5	5.4^AI	Medium^AI	2025-11-04
CVE-2025-12184	MeetingList <= 0.11 - Authenticated (Admin+) Stored Cross-Site Scripting — MeetingList	4.4	Medium	2025-11-04
CVE-2025-12045	Orbit Fox Companion <= 3.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via Post Taxonomy — Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More	6.4	Medium	2025-11-04
CVE-2025-12396	Clubmember <= 0.2 - Authenticated (Admin+) Stored Cross-Site Scripting — clubmember	4.4	Medium	2025-11-04
CVE-2025-11812	Reuse Builder <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Reuse Builder	6.4	Medium	2025-11-04
CVE-2025-11753	Multi-language Responsive Portfolio WordPress <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting — Bootstrap Multi-language Responsive Portfolio	4.4	Medium	2025-11-04
CVE-2025-12065	WP Carticon <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting — WP Carticon	4.4	Medium	2025-11-04
CVE-2025-11733	Footnotes Made Easy <= 3.0.7 - Unauthenticated Stored Cross-Site Scripting — Footnotes Made Easy	7.2	High	2025-11-04
CVE-2025-12371	Nari Accountant <= 1.0.12 - Authenticated (Editor+) Stored Cross-Site Scripting — Nari Accountant	4.4	Medium	2025-11-04
CVE-2025-12369	Extensions for Leaflet Map <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Extensions for Leaflet Map	6.4	Medium	2025-11-04
CVE-2025-12393	Free Quotation <= 3.1.6 - Authenticated (Admin+) Stored Cross-Site Scripting — Free Quotation	4.4	Medium	2025-11-04
CVE-2025-12324	TablePress – Tables in WordPress made easy <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — TablePress – Tables in WordPress made easy	6.4	Medium	2025-11-04
CVE-2025-11841	Greenshift – animation and page builder blocks <= 12.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Chart Data Attributes — Greenshift – animation and page builder blocks	6.4	Medium	2025-11-04
CVE-2021-47698	Nagios XI < 5.8.7 XSS in Core UI Views URL handling — XI	6.1^AI	Medium^AI	2025-11-03
CVE-2025-36172	Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for 24.0.0-IF007, 24.0.1-IF005 and 25.0.0-IF002 — Cloud Pak for Business Automation	6.4	Medium	2025-11-03
CVE-2025-10280	Incorrect Content Type Cross-Site Scripting Vulnerability — IdentityIQ	7.1	High	2025-11-03
CVE-2025-6988	Kallyas <= 4.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme	6.4	Medium	2025-11-01
CVE-2025-11502	Schema & Structured Data for WP & AMP <= 1.51 - Authenticated (Contributor+) Stored Cross-Site Scripting — Schema & Structured Data for WP & AMP	6.4	Medium	2025-11-01
CVE-2025-12090	Employee Spotlight – Team Member Showcase & Meet the Team Plugin <= 5.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Employee Spotlight – Team Member Showcase & Meet the Team Plugin	6.4	Medium	2025-11-01
CVE-2025-11927	Flying Images: Optimize and Lazy Load Images for Faster Page Speed <= 2.4.14 - Authenticated (Admin+) Stored Cross-Site Scripting — Flying Images: Optimize and Lazy Load Images for Faster Page Speed	4.4	Medium	2025-11-01
CVE-2025-12118	Schema Scalpel <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in JSON-LD Schema — Schema Scalpel	6.4	Medium	2025-11-01
CVE-2025-11995	Community Events <= 1.5.2 - Unauthenticated Stored Cross-Site Scripting — Community Events	7.2	High	2025-11-01
CVE-2025-11928	CSS & JavaScript Toolbox <= 12.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting — CSS & JavaScript Toolbox	4.4	Medium	2025-11-01
CVE-2025-11922	Inactive Logout <= 3.5.5 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Inactive Logout	6.4	Medium	2025-11-01
CVE-2025-12546	LogicalDOC Community Edition API Key creation UI cross site scripting — Community Edition	3.5	Low	2025-10-31
CVE-2025-62267	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	6.1	-	2025-10-31
CVE-2025-62264	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	6.1	-	2025-10-31
CVE-2025-12460	Stored XSS vulnerability in Afterlogic Aurora webmail — Aurora	6.1	-	2025-10-31

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21529