CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

CVE ID | Title | CVSS | Severity | Published
CVE-2025-10271 | erjinzhi 10OA finder cross site scripting — 10OA | 4.3 | Medium | 2025-09-11
CVE-2025-10255 | Ascensio System SIA OnlyOffice Comment Messages.aspx cross site scripting — OnlyOffice | 3.5 | Low | 2025-09-11
CVE-2025-10254 | Ascensio System SIA OnlyOffice SVG Image Messages.aspx cross site scripting — OnlyOffice | 3.5 | Low | 2025-09-11
CVE-2025-10253 | openDCIM SVG File uploadifive.php cross site scripting — openDCIM | 3.5 | Low | 2025-09-11
CVE-2025-40696 | Cross Site Scripting in PHPGurukul Online Fire Reporting System — Online Fire Reporting System | 5.4 (AI) | Medium (AI) | 2025-09-11
CVE-2025-40695 | Cross Site Scripting in PHPGurukul Online Fire Reporting System — Online Fire Reporting System | 5.4 (AI) | Medium (AI) | 2025-09-11
CVE-2025-40694 | Cross Site Scripting in PHPGurukul Online Fire Reporting System — Online Fire Reporting System | 5.4 (AI) | Medium (AI) | 2025-09-11
CVE-2025-40693 | Cross Site Scripting in PHPGurukul Online Fire Reporting System — Online Fire Reporting System | 5.4 (AI) | Medium (AI) | 2025-09-11
CVE-2025-8691 | WP Scriptcase <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter — WP Scriptcase | 6.4 | Medium | 2025-09-11
CVE-2025-8398 | azurecurve BBCode <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Shortcode — azurecurve BBCode | 6.4 | Medium | 2025-09-11
CVE-2025-9855 | Enhanced BibliPlug <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting — Enhanced BibliPlug | 6.4 | Medium | 2025-09-11
CVE-2025-9123 | CBX Map for Google Map & OpenStreetMap <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — CBX Map for Google Map & OpenStreetMap | 6.4 | Medium | 2025-09-11
CVE-2025-9128 | eID Easy <= 4.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — eID Easy | 6.4 | Medium | 2025-09-11
CVE-2025-8689 | Elements Plus! <= 2.16.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — Elements Plus! | 6.4 | Medium | 2025-09-11
CVE-2025-8215 | Responsive Addons for Elementor <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates | 6.4 | Medium | 2025-09-11
CVE-2025-8392 | Mitfahrgelegenheit <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via date Parameter — Mitfahrgelegenheit | 6.4 | Medium | 2025-09-11
CVE-2025-9860 | Mixtape <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Mixtape | 6.4 | Medium | 2025-09-11
CVE-2025-8318 | Jobify <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via keyword Parameter — Jobify | 6.4 | Medium | 2025-09-11
CVE-2025-8445 | Countdown Timer for Elementor <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'countdown_label' — Countdown Timer for Elementor | 6.4 | Medium | 2025-09-11
CVE-2025-5801 | Digital Events Calendar <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via column Parameter — Digital Events Calendar | 6.4 | Medium | 2025-09-11
CVE-2025-9850 | Evenium <= 1.3.11 - Authenticated (Contributor+) Stored Cross-Site Scripting — Evenium | 6.4 | Medium | 2025-09-11
CVE-2025-8686 | WP Easy FAQs <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode — WP Easy FAQs | 6.4 | Medium | 2025-09-11
CVE-2025-9861 | ThemeLoom Widgets <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — ThemeLoom Widgets | 6.4 | Medium | 2025-09-11
CVE-2025-8316 | Certifica WP <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via evento Parameter — Certifica WP | 6.4 | Medium | 2025-09-11
CVE-2025-8721 | Workable API <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via workable_jobs Shortcode — Workable Api | 6.4 | Medium | 2025-09-11
CVE-2025-10246 | lokibhardwaj PHP-Code-For-Unlimited-File-Upload f.php cross site scripting — PHP-Code-For-Unlimited-File-Upload | 3.5 | Low | 2025-09-11
CVE-2025-9910 | jsondiffpatch security vulnerability — jsondiffpatch | 4.7 | Medium | 2025-09-11
CVE-2025-10235 | Scada-LTS Reports reports.shtm cross site scripting — Scada-LTS | 2.4 | Low | 2025-09-11
CVE-2025-10234 | Scada-LTS Data Point Edit data_point_edit.shtm cross site scripting — Scada-LTS | 2.4 | Low | 2025-09-10
CVE-2025-43783 | Liferay Portal and Liferay DXP cross-site scripting vulnerability — Portal | 6.1 (AI) | Medium (AI) | 2025-09-10

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.