CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-30875	WordPress WP Weixin plugin <= 1.3.16 - Cross Site Scripting (XSS) vulnerability — WP Weixin	5.9	Medium	2025-09-09
CVE-2025-47570	WordPress WooCommerce Photo Reviews plugin <= 1.3.13 - Cross Site Scripting (XSS) vulnerability — WooCommerce Photo Reviews	7.1	High	2025-09-09
CVE-2025-47694	WordPress Blog Designer PRO plugin <= 3.4.7 - Reflected Cross Site Scripting (XSS) vulnerability — Blog Designer PRO	7.1	High	2025-09-09
CVE-2025-55143	Ivanti多款产品跨站脚本漏洞 — Connect Secure	6.1	Medium	2025-09-09
CVE-2025-9061	Wilmer Core <= 2.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Wilmer Core	6.4	Medium	2025-09-09
CVE-2025-9058	Mikado Core <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Mikado Core	6.4	Medium	2025-09-09
CVE-2025-42938	Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform — SAP NetWeaver ABAP Platform	6.1	Medium	2025-09-09
CVE-2025-42920	Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management — SAP Supplier Relationship Management	6.1	Medium	2025-09-09
CVE-2025-43778	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	5.4^AI	Medium^AI	2025-09-09
CVE-2025-10117	SourceCodester Simple To-Do List System Add New Task fetch_tasks.php cross site scripting — Simple To-Do List System	3.5	Low	2025-09-09
CVE-2025-58746	Volkov Labs Business Links plugin vulnerable to privilege escalation attack — business-links	9.1	Critical	2025-09-08
CVE-2025-58452	WeGIA vulnerable to Reflected Cross-Site Scripting (XSS) in endpoint 'listar_despachos.php' parameter 'id_memorando' — WeGIA	6.1^AI	Medium^AI	2025-09-08
CVE-2025-53838	LinkAce has a Stored One Click XSS vulnerability — LinkAce	5.4^AI	Medium^AI	2025-09-08
CVE-2025-10099	Portabilis i-Educar Editar usuário educar_usuario_cad.php cross site scripting — i-Educar	2.4	Low	2025-09-08
CVE-2025-40641	Stored Cross-Site Scripting (XSS) in the Multi-purpose Inventory Management System — Multi-Purpose Inventory Management System	5.4^AI	Medium^AI	2025-09-08
CVE-2025-40642	Reflected Cross-Site Scripting (XSS) in WebWork — WebWork PHP script	6.1^AI	Medium^AI	2025-09-08
CVE-2014-125128	Apostrophe sanitize-html 安全漏洞	6.1	Medium	2025-09-08
CVE-2019-25225	Apostrophe sanitize-html 安全漏洞	6.1	Medium	2025-09-08
CVE-2025-10088	SourceCodester Time Tracker index.html cross site scripting — Time Tracker	3.5	Low	2025-09-08
CVE-2025-10075	SourceCodester Online Polling System manage-profile.php cross site scripting — Online Polling System	3.5	Low	2025-09-08
CVE-2025-10074	Portabilis i-Educar tipos cross site scripting — i-Educar	3.5	Low	2025-09-08
CVE-2025-10067	itsourcecode POS Point of Sale System empty_table.php cross site scripting — POS Point of Sale System	4.3	Medium	2025-09-07
CVE-2025-10066	itsourcecode POS Point of Sale System dymanic_table.php cross site scripting — POS Point of Sale System	4.3	Medium	2025-09-07
CVE-2025-10065	itsourcecode POS Point of Sale System dom_data_th.php cross site scripting — POS Point of Sale System	4.3	Medium	2025-09-07
CVE-2025-10064	itsourcecode POS Point of Sale System dom_data_two_headers.php cross site scripting — POS Point of Sale System	4.3	Medium	2025-09-07
CVE-2025-10063	itsourcecode POS Point of Sale System deferred_table.php cross site scripting — POS Point of Sale System	4.3	Medium	2025-09-06
CVE-2025-10032	Campcodes Grocery Sales and Inventory System index.php cross site scripting — Grocery Sales and Inventory System	4.3	Medium	2025-09-06
CVE-2025-10029	itsourcecode POS Point of Sale System complex_header_2.php cross site scripting — POS Point of Sale System	3.5	Low	2025-09-06
CVE-2025-10028	itsourcecode POS Point of Sale System 6776.php cross site scripting — POS Point of Sale System	3.5	Low	2025-09-06
CVE-2025-6757	Recent Posts Widget Extended <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via rpwe Shortcode — Recent Posts Widget Extended	6.4	Medium	2025-09-06

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21529