CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-6815	LatePoint <= 5.1.94 - Authenticated (Administrator+) Stored Cross-Site Scripting — LatePoint – Calendar Booking Plugin for Appointments and Events	5.5	Medium	2025-09-30
CVE-2025-8777	planetcalc <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via language Parameter — planetcalc	6.4	Medium	2025-09-30
CVE-2025-10196	SurveyAnyplace Plugin <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Survey Anyplace	6.4	Medium	2025-09-30
CVE-2025-8214	The Pack Elementor addon <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typing Letter Widget — The Pack Elementor addon	6.4	Medium	2025-09-30
CVE-2025-8608	Mihdan: Elementor Yandex Maps <= 1.6.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Marker Pins — Maps from Yandex for Elementor	6.4	Medium	2025-09-30
CVE-2025-10189	BP Direct Menus <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — BP Direct Menus	6.4	Medium	2025-09-30
CVE-2025-10168	Any News Ticker <= 3.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Any News Ticker	6.4	Medium	2025-09-30
CVE-2025-10182	dbview <= 0.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — dbview	6.4	Medium	2025-09-30
CVE-2025-8623	WeedMaps Menu for WordPress <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via weedmaps_menu Shortcode — WeedMaps Menu for WordPress	6.4	Medium	2025-09-30
CVE-2025-8624	Nexa Blocks <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Google Maps Widget — Nexa Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE	6.4	Medium	2025-09-30
CVE-2025-10191	Big Post Shipping for WooCommerce <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Big Post Shipping for WooCommerce	6.4	Medium	2025-09-30
CVE-2025-10131	All Social Share Options <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — All Social Share Options	6.4	Medium	2025-09-30
CVE-2025-8560	FancyTabs <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter — FancyTabs	6.4	Medium	2025-09-30
CVE-2025-9852	Yoga Schedule Momoyoga <= 2.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Yoga Schedule Momoyoga	6.4	Medium	2025-09-30
CVE-2025-10130	Layers <= 0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Layers	6.4	Medium	2025-09-30
CVE-2025-10179	My AskAI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — My AskAI	6.4	Medium	2025-09-30
CVE-2025-8566	GutenBee – Gutenberg Blocks <= 2.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — GutenBee – Gutenberg Blocks	6.4	Medium	2025-09-30
CVE-2025-59948	FreshRSS is vulnerable to XSS due to lack of CSP on HTML query page — FreshRSS	6.7	Medium	2025-09-29
CVE-2025-43817	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	6.1^AI	Medium^AI	2025-09-29
CVE-2025-43812	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	5.4^AI	Medium^AI	2025-09-29
CVE-2025-43811	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	5.4^AI	Medium^AI	2025-09-29
CVE-2025-43820	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	5.4^AI	Medium^AI	2025-09-29
CVE-2025-43818	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	5.4^AI	Medium^AI	2025-09-29
CVE-2025-57769	FressRSS: Clickjacking can lead to XSS and/or privilege escalation — FreshRSS	8.8^AI	High^AI	2025-09-29
CVE-2025-43815	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	6.1^AI	Medium^AI	2025-09-29
CVE-2025-35034	Medical Informatics Engineering Enterprise Health reflected cross site scripting via portlet_user_id — Enterprise Health	4.3	Medium	2025-09-29
CVE-2025-57871	BUG-000174020 - Reflected XSS vulnerability identified in Portal for ArcGIS. (11.3, 11.1, 10.9.1) — Portal for ArcGIS	4.8	Medium	2025-09-29
CVE-2025-57873	BUG-000175222 - Reflected XSS vulnerability in Portal for ArcGIS. — Portal for ArcGIS	4.8	Medium	2025-09-29
CVE-2025-57874	BUG-000161627 - Reflected XSS vulnerability in Portal for ArcGIS. (11.3, 11.1, 10.9.1) — Portal for ArcGIS	4.8	Medium	2025-09-29
CVE-2025-57875	BUG-000164122 - Reflected XSS vulnerability in Portal for ArcGIS. — Portal for ArcGIS	4.8	Medium	2025-09-29

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21529