Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-10612 XSS in GiSoft's City Guide — City Guide 6.1 Medium2025-10-21
CVE-2025-62701 Stored XSS through system messages — Mediawiki - Wikistories 5.4AIMediumAI2025-10-21
CVE-2025-62702 Stored XSS through system messages — Mediawiki - PageTriage Extension 6.1AIMediumAI2025-10-21
CVE-2025-62694 Stored XSS through a system message — Mediawiki - WikiLove Extension 5.4AIMediumAI2025-10-21
CVE-2025-62695 Stored XSS through system messages — Mediawiki - WikiLambda Extension 5.4AIMediumAI2025-10-21
CVE-2025-62657 Stored XSS through system messages in PageForms — MediaWiki PageForms extension 5.4AIMediumAI2025-10-20
CVE-2025-62656 GlobalBlocking Special:GlobalBlockList vulnerable to message key stored XSS — MediaWiki GlobalBlocking extension 5.4AIMediumAI2025-10-20
CVE-2025-62528 Taguette cross-site scripting vulnerability via tag name, tag description, document name and document description — taguette 5.4 Medium2025-10-20
CVE-2025-62698 Stored XSS through system messages in ExternalGuidance — Mediawiki - ExternalGuidance 6.1AIMediumAI2025-10-20
CVE-2025-62700 Stored XSS through a system message in MultiBoilerplate — Mediawiki - MultiBoilerplate Extensionmaste 5.4AIMediumAI2025-10-20
CVE-2025-62693 Stored XSS through system messages in LastModified — Mediawiki - LastModified Extension 6.1AIMediumAI2025-10-20
CVE-2025-8349 Cross-Site Scripting (XSS) stored in Tawk Live Chat — Live Chat 5.4AIMediumAI2025-10-20
CVE-2025-11946 LogicalDOC Community Edition Add Contact frontend.jsp cross site scripting — Community Edition 3.5 Low2025-10-19
CVE-2025-11945 toeverything AFFiNE Avatar Upload Image Endpoint cross site scripting — AFFiNE 3.5 Low2025-10-19
CVE-2025-11926 Related Posts Lite <= 1.12 - Authenticated (Admin+) Stored Cross-Site Scripting — Related Posts Lite 4.4 Medium2025-10-18
CVE-2025-11270 Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns <= 5.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns 6.4 Medium2025-10-18
CVE-2025-9562 Redirection for Contact Form 7 <= 3.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via qs_date Shortcode — Redirection for Contact Form 7 6.4 Medium2025-10-18
CVE-2025-10006 WPBakery Page Builder <= 8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — WPBakery Page Builder 6.4 Medium2025-10-18
CVE-2025-11857 XX2WP Integration Tools <= 1.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — XX2WP Integration Tools 6.4 Medium2025-10-18
CVE-2025-11937 Stored XSS through a system message in SecurePoll — Mediawiki - SecurePoll Extension 6.1AIMediumAI2025-10-18
CVE-2025-62667 Stored XSS through article extracts in GrowthExperiments — Mediawiki - GrowthExperiments Extension 6.1AIMediumAI2025-10-18
CVE-2025-62670 Stored XSS through a system message in FlexDiagrams — Mediawiki - FlexDiagrams Extension 6.1AIMediumAI2025-10-18
CVE-2025-62671 Stored XSS through wikitext in Cargo — Mediawiki - Cargo Extension 6.1AIMediumAI2025-10-18
CVE-2025-62662 Stored XSS through system messages in AdvancedSearch — Mediawiki - AdvancedSearch Extension 6.1AIMediumAI2025-10-18
CVE-2025-62663 Stored XSS through a system message in UploadWizard — Mediawiki - UploadWizard Extension 6.1AIMediumAI2025-10-18
CVE-2025-62664 Stored XSS through a system message in ImageRating — Mediawiki - ImageRating Extension 5.4AIMediumAI2025-10-18
CVE-2025-62665 Stored XSS through system messages in Skin:BlueSky — Mediawiki - Skin:BlueSky 6.1AIMediumAI2025-10-18
CVE-2020-36854 Async JavaScript <= 2.19.07.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Async JavaScript 6.4 Medium2025-10-18
CVE-2020-36853 10WebMapBuilder <= 1.0.63 - Unauthenticated Stored Cross-Site Scripting via Plugin Settings Change — 10Web Map Builder for Google Maps 7.2 High2025-10-18
CVE-2025-62654 Stored XSS through system messages in QuizGame — MediaWiki QuizGame extension 5.4AIMediumAI2025-10-17

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.