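CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.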

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-55757 | Extension - virtuemart.net - XSS in VirtueMart component 1.0.0 - 4.4.10 for Joomla — Virtuemart component for Joomla | 6.1 | - | 2025-10-25 |
| CVE-2025-11897 | The7 — Ultimate WordPress & WooCommerce Theme <= 12.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'the7_fancy_title_css' — The7 — Website and eCommerce Builder for WordPress | 6.4 | Medium | 2025-10-25 |
| CVE-2025-11875 | SpendeOnline.org <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — SpendeOnline.org | 6.4 | Medium | 2025-10-25 |
| CVE-2025-10580 | Widget Options – The #1 WordPress Widget & Block Control Plugin <= 4.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets | 6.4 | Medium | 2025-10-25 |
| CVE-2025-12034 | Fast Velocity Minify <= 3.5.1 - Authenticated (Admin+) Stored Cross-Site Scripting — Fast Velocity Minify | 4.4 | Medium | 2025-10-25 |
| CVE-2025-10737 | Open Source Genesis Framework <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes — Open Source Genesis Framework | 6.4 | Medium | 2025-10-25 |
| CVE-2025-8588 | Gutenberg Blocks – PublishPress Blocks Controls, Visibility, Reusable Blocks <= 3.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — PublishPress Blocks – Block Controls, Block Visibility, Block Permissions | 6.4 | Medium | 2025-10-25 |
| CVE-2025-8413 | Listeo <= 2.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via soundcloud Shortcode — Listeo - Directory & Listings With Booking - WordPress Theme | 6.4 | Medium | 2025-10-25 |
| CVE-2025-8666 | Testimonial Carousel For Elementor <= 11.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — Testimonial Carousel For Elementor | 6.4 | Medium | 2025-10-25 |
| CVE-2025-11238 | Watu Quiz <= 3.4.4 - Unauthenticated Stored Cross-Site Scripting via HTTP Referer — Watu Quiz | 7.2 | High | 2025-10-25 |
| CVE-2025-62716 | Plane Vulnerable to Cross-Site Scripting via Open Redirect in ?next_path Parameter — plane | 8.1 | High | 2025-10-24 |
| CVE-2025-12017 | VNPAY for Woocommerce <= 1.0.0 - Reflected Cross-Site Scripting — VNPAY Payment gateway | 6.1 | Medium | 2025-10-24 |
| CVE-2025-12096 | Simple Excel Pricelist for WooCommerce <= 1.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Simple Excel Pricelist for WooCommerce | 6.4 | Medium | 2025-10-24 |
| CVE-2025-10701 | Time Clock – A WordPress Employee & Volunteer Time Clock Plugin <= 1.3.1 - Authenticated (Custom+) Stored Cross-Site Scripting — Time Clock – A WordPress Employee & Volunteer Time Clock Plugin | 6.4 | Medium | 2025-10-24 |
| CVE-2025-12016 | qnotsquiz <= 1.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting — qnotsquiz | 4.4 | Medium | 2025-10-24 |
| CVE-2025-9158 | Stored XSS in Request Tracker — Request Tracker | 5.4 | - | 2025-10-24 |
| CVE-2025-61931 | Pleasanter cross-site scripting vulnerability — Pleasanter | 5.4 | - | 2025-10-24 |
| CVE-2025-58070 | Pleasanter cross-site scripting vulnerability — Pleasanter | 5.4 | - | 2025-10-24 |
| CVE-2025-7730 | Bold Page Builder <= 5.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `percentage` Parameter — Bold Page Builder | 6.4 | Medium | 2025-10-23 |
| CVE-2025-62255 | Liferay Portal and Liferay DXP cross-site scripting vulnerability — Portal | 6.1 (AI) | Medium (AI) | 2025-10-23 |
| CVE-2025-1679 | Moxa Ethernet switches security vulnerability — TN-4500A Series | 4.8 (AI) | Medium (AI) | 2025-10-23 |
| CVE-2025-53701 | XSS vulnerability in Vilar VS-IPC1002 IP cameras — VS-IPC1002 | 6.1 (AI) | Medium (AI) | 2025-10-23 |
| CVE-2025-8427 | Beaver Builder Plugin (Starter Version) <= 2.9.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'auto_play' — Beaver Builder Plugin (Starter Version) | 6.4 | Medium | 2025-10-23 |
| CVE-2025-40643 | Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker — Energy CRM | 5.4 (AI) | Medium (AI) | 2025-10-23 |
| CVE-2025-9981 | Multiple Stored XSS in QuickCMS — QuickCMS | 4.8 (AI) | Medium (AI) | 2025-10-23 |
| CVE-2025-9980 | Multiple Stored XSS in QuickCMS — QuickCMS | 4.8 (AI) | Medium (AI) | 2025-10-23 |
| CVE-2025-10914 | Reflected XSS in Proliz's OBS — OBS (Student Affairs Information System) | 7.6 | High | 2025-10-23 |
| CVE-2025-10727 | Reflected XSS in ArkSigner's AcBakImzala — AcBakImzala | 5.4 | Medium | 2025-10-23 |
| CVE-2025-54806 | Weseek Growi cross-site scripting vulnerability — GROWI | 6.1 (AI) | Medium (AI) | 2025-10-23 |
| CVE-2025-62499 | Six Apart Movable Type cross-site scripting vulnerability — Movable Type (Software Edition) | 5.4 (AI) | Medium (AI) | 2025-10-23 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.