Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-62178 WeGIA Cross-Site Scripting (XSS) Reflected endpoint '/html/atendido/cadastro_atendido_parentesco_pessoa_nova.php' parameter 'idatendido' — WeGIA 3.5 Low2025-10-13
CVE-2025-62246 Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal 5.4AIMediumAI2025-10-13
CVE-2025-11184 Cross-Site Scripting Vulnerability in QWC2 Registration GUI — qwc-registration-gui 5.4AIMediumAI2025-10-13
CVE-2025-11183 Cross-Site Scripting Vulnerability in QWC2 — QWC2 5.4AIMediumAI2025-10-13
CVE-2025-10558 Stored Cross-site Scripting (XSS) vulnerability affecting 3DSearch in 3DSwymer on Release 3DEXPERIENCE R2025x — 3DSwymer 8.7 High2025-10-13
CVE-2025-10557 Stored Cross-site Scripting (XSS) vulnerability affecting Issue Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x — ENOVIA Collaborative Industry Innovator 8.7 High2025-10-13
CVE-2025-10556 Stored Cross-site Scripting (XSS) vulnerability affecting Specification Management in ENOVIA Specification Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x — ENOVIA Specification Manager 8.7 High2025-10-13
CVE-2025-10552 Stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2025x — 3DSwymer 8.7 High2025-10-13
CVE-2025-27259 Ericsson Network Manager: improper neutralization of user controlled input — Ericsson Network Manager(ENM) 6.1AIMediumAI2025-10-13
CVE-2025-31994 HCL Unica Campaign is vulnerable to Reflected Cross-Site Scripting (XSS) — Unica Campaign 4.3 Medium2025-10-13
CVE-2025-10129 WordPress Live Webcam Widget & Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — WordPress Live Webcam Widget & Shortcode 6.4 Medium2025-10-11
CVE-2025-10190 WP Easy Toggles <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Easy Toggles 6.4 Medium2025-10-11
CVE-2025-7652 Easy Plugin Stats <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Easy Plugin Stats 6.4 Medium2025-10-11
CVE-2025-10167 Stock History & Reports Manager for WooCommerce <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Stock History & Reports Manager for WooCommerce 6.4 Medium2025-10-11
CVE-2025-11197 Draft List <= 2.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Draft List 6.4 Medium2025-10-11
CVE-2025-9496 Enable Media Replace <= 4.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via file_modified Shortcode — Enable Media Replace 6.4 Medium2025-10-11
CVE-2025-9560 Colibri Page Builder <= 1.0.334 - Authenticated (Contributor+) Stored Cross-Site Scripting via colibri_newsletter Shortcode — Colibri Page Builder 6.4 Medium2025-10-11
CVE-2025-9550 Facets - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-100 — Facets 6.1AIMediumAI2025-10-10
CVE-2025-62237 Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal 5.4AIMediumAI2025-10-10
CVE-2025-62238 Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal 5.4AIMediumAI2025-10-10
CVE-2025-62239 Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal 5.4AIMediumAI2025-10-10
CVE-2025-7781 WP JobHunt <= 7.6 - Authenticated (Candidate+) Stored Cross-Site Scripting via ‘cs_job_title’ — WP JobHunt 6.4 Medium2025-10-10
CVE-2025-25017 Kibana Stored Cross-Site Scripting (XSS) — Kibana 8.2 High2025-10-10
CVE-2025-25018 Kibana Stored Cross-Site Scripting (XSS) — Kibana 8.7 High2025-10-10
CVE-2025-41089 Reflected Cross-Site Scripting (XSS) in CMS — Xibo CMS 6.1AIMediumAI2025-10-10
CVE-2025-41088 Stored Cross-Site Scripting (XSS) in CMS — Xibo CMS 5.4AIMediumAI2025-10-10
CVE-2025-40640 Stored Cross-Site Scripting (XSS) in Energy CRM by Status Tracker — Energy CRM 5.4AIMediumAI2025-10-10
CVE-2025-11570 Drupal Unified Twig Extensions 安全漏洞 — drupal-pattern-lab/unified-twig-extensions 4.6 Medium2025-10-10
CVE-2025-11449 Reflected Cross Site Scripting in ServiceNow AI Platform — ServiceNow AI Platform 6.1AIMediumAI2025-10-10
CVE-2025-11450 Reflected Cross Site Scripting in ServiceNow AI Platform — ServiceNow AI Platform 6.1AIMediumAI2025-10-10

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.