CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-62653	Stored XSS through system messages in PollNY — MediaWiki PollNY extension	6.1^AI	Medium^AI	2025-10-17
CVE-2025-62652	Stored XSS in WebAuthn key name — MediaWiki WebAuthn extension	5.4^AI	Medium^AI	2025-10-17
CVE-2025-62508	Citizen vulnerable to stored XSS in sticky header button messages — mediawiki-skins-Citizen	6.5	Medium	2025-10-17
CVE-2025-34281	Stored Cross-Site Scripting (XSS) in ThingsBoard — thingsboard	5.4^AI	Medium^AI	2025-10-17
CVE-2025-62430	ClipBucket v5 stored XSS via video/photo fields — clipbucket-v5	5.4	Medium	2025-10-17
CVE-2025-62421	DataEase vulnerable to stored cross-site scripting via file upload bypass — dataease	5.4^AI	Medium^AI	2025-10-17
CVE-2025-58747	Dify MCP OAuth Flow Vulnerable to XSS — dify	6.1^AI	Medium^AI	2025-10-17
CVE-2025-48087	WordPress Memberlite Shortcodes plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability — Memberlite Shortcodes	6.5	Medium	2025-10-17
CVE-2025-34253	D-Link Nuclias Connect <= v1.3.1.4 Stored Cross-Site Scripting (XSS) — Nuclias Connect	5.4^AI	Medium^AI	2025-10-16
CVE-2025-62413	MQTTX vulnerable to cross-site scripting via improper message payload rendering — MQTTX	6.1	Medium	2025-10-16
CVE-2025-34512	Ilevia EVE X1 Server 4.7.18.0.eden Reflected XSS — EVE X1 Server	6.1^AI	Medium^AI	2025-10-16
CVE-2025-62412	LibreNMS alert-rules Cross-Site Scripting Vulnerability — librenms	3.8	Low	2025-10-16
CVE-2025-62411	Stored XSS in Alert Transport name field in LibreNMS — librenms	5.5	Medium	2025-10-16
CVE-2025-11851	Apeman ID71 set_alias.cgi cross site scripting — ID71	3.5	Low	2025-10-16
CVE-2025-55072	NEOJAPAN desknets NEO 跨站脚本漏洞 — desknet's NEO	5.4^AI	Medium^AI	2025-10-16
CVE-2025-54859	Desknets Neo 跨站脚本漏洞 — desknet's NEO	5.4^AI	Medium^AI	2025-10-16
CVE-2025-54760	Desknets Neo 跨站脚本漏洞 — desknet's NEO	5.4^AI	Medium^AI	2025-10-16
CVE-2025-52583	NEOJAPAN desknets Web Server 跨站脚本漏洞 — desknet's Web Server	6.1^AI	Medium^AI	2025-10-16
CVE-2025-24833	Desknets Neo 跨站脚本漏洞 — desknet's NEO	5.4^AI	Medium^AI	2025-10-16
CVE-2025-58115	ChatLuck 跨站脚本漏洞 — ChatLuck	6.1^AI	Medium^AI	2025-10-16
CVE-2025-53858	ChatLuck 跨站脚本漏洞 — ChatLuck	5.4^AI	Medium^AI	2025-10-16
CVE-2025-41021	Stored Cross-Site Scripting (XSS) vulnerability in Sergestec's Exito — SISTICK	5.4^AI	Medium^AI	2025-10-16
CVE-2025-11814	Ultimate Addons for WPBakery Page Builder < 3.21.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ultimate Addons for WPBakery	6.4	Medium	2025-10-16
CVE-2025-62380	Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails — mailgen	7.2^AI	High^AI	2025-10-15
CVE-2025-20351	Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Cross-Site Scripting Vulnerability — Cisco Session Initiation Protocol (SIP) Software	6.1	Medium	2025-10-15
CVE-2025-61933	BIG-IP APM cross-site scripting (XSS) vulnerability — BIG-IP	6.1	Medium	2025-10-15
CVE-2025-59269	BIG-IP Configuration utility XSS vulnerability — BIG-IP	6.1	Medium	2025-10-15
CVE-2025-10869	Stored Cross-Site Scripting (XSS) in Oct8ne Chatbot — Chatbot	5.4^AI	Medium^AI	2025-10-15
CVE-2025-10194	Shortcode Button <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Shortcode Button	6.4	Medium	2025-10-15
CVE-2025-10141	Digiseller <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Digiseller	6.4	Medium	2025-10-15

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21529