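CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.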

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-10490 | Zephyr Project Manager <= 3.3.202 - Authenticated (Admin+) Stored Cross-Site Scripting — Zephyr Project Manager | 4.4 | Medium | 2025-09-26 |
| CVE-2025-10136 | TweetThis Shortcode <= 1.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — TweetThis Shortcode | 6.4 | Medium | 2025-09-26 |
| CVE-2025-10180 | Markdown Shortcode <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Markdown Shortcode | 6.4 | Medium | 2025-09-26 |
| CVE-2025-9490 | Popup Maker <= 1.20.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Parameter — Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | 6.4 | Medium | 2025-09-26 |
| CVE-2025-9044 | Mapster WP Maps <= 1.20.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Mapster WP Maps | 6.4 | Medium | 2025-09-26 |
| CVE-2025-8200 | Mega Elements – Addons for Elementor <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget — Mega Elements – Addons for Elementor | 6.4 | Medium | 2025-09-26 |
| CVE-2025-10178 | CM Business Directory <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — CM Business Directory – Optimise and showcase local business | 6.4 | Medium | 2025-09-26 |
| CVE-2025-8906 | Widgets for Tiktok Feed <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Widgets for Tiktok Feed | 6.4 | Medium | 2025-09-26 |
| CVE-2025-33116 | IBM Watson Studio on Cloud Pak for Data cross-site scripting — Watson Studio on Cloud Pak for Data | 4.4 | Medium | 2025-09-25 |
| CVE-2025-59838 | Monkeytype Vulnerable to Self-XSS on loading saved custom text — monkeytype | 6.1 (AI) | Medium (AI) | 2025-09-25 |
| CVE-2025-59832 | Horrila Stored XSS Vulnerability via Ticket Comment section — horilla | 9.9 | Critical | 2025-09-25 |
| CVE-2025-10949 | Changsha Developer Technology iView Editor Markdown cross site scripting — iView Editor | 2.4 | Low | 2025-09-25 |
| CVE-2025-59839 | Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes — mediawiki-extensions-EmbedVideo | 8.6 | High | 2025-09-25 |
| CVE-2025-10467 | Stored XSS in Proliz Software's OBS — OBS (Student Affairs Information System) | 8.9 | High | 2025-09-25 |
| CVE-2025-10946 | nuz007 smsboom dy.php cross site scripting — smsboom | 3.5 | Low | 2025-09-25 |
| CVE-2025-10945 | nuz007 smsboom d.php cross site scripting — smsboom | 3.5 | Low | 2025-09-25 |
| CVE-2025-10944 | yi-ge get-header-ip ip.php cross site scripting — get-header-ip | 3.5 | Low | 2025-09-25 |
| CVE-2025-10943 | MikeCen WeChat-Face-Recognition wx.php valid cross site scripting — WeChat-Face-Recognition | 3.5 | Low | 2025-09-25 |
| CVE-2025-10940 | Total.js CMS Layout admin layouts_save cross site scripting — CMS | 2.4 | Low | 2025-09-25 |
| CVE-2025-60249 | Vulnerability-Lookup Cross-Site Scripting Vulnerability — vulnerability-lookup | 6.4 | Medium | 2025-09-25 |
| CVE-2025-59525 | Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover — horilla | 5.4 (AI) | Medium (AI) | 2025-09-24 |
| CVE-2025-59524 | Horilla Stored XSS Vulnerability via File Upload in Reimbursement Panel — horilla | 8.8 (AI) | High (AI) | 2025-09-24 |
| CVE-2025-48867 | Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules — horilla | 4.8 | Medium | 2025-09-24 |
| CVE-2025-10909 | Mangati NovoSGA SVG File admin cross site scripting — NovoSGA | 2.4 | Low | 2025-09-24 |
| CVE-2025-9353 | Themify Builder <= 7.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Themify Builder | 6.4 | Medium | 2025-09-24 |
| CVE-2025-43779 | Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability — Portal | 5.4 (AI) | Medium (AI) | 2025-09-24 |
| CVE-2025-58674 | WordPress <= 6.8.2 - (Author+) Cross Site Scripting (XSS) Vulnerability — WordPress | 5.9 | Medium | 2025-09-23 |
| CVE-2025-59548 | DNN Vulnerable to Reflected Cross-Site Scripting (XSS) in CKEditor File Browser — Dnn.Platform | 6.1 (AI) | Medium (AI) | 2025-09-23 |
| CVE-2025-59821 | DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile — Dnn.Platform | 6.5 | Medium | 2025-09-23 |
| CVE-2025-59546 | DNN Vulnerable to Stored XSS Using Backend Admin Credentials — Dnn.Platform | 2.4 | Low | 2025-09-23 |

21529 CVEs are classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.