CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-8149	aThemes Addons for Elementor Lite <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — aThemes Addons for Elementor	6.4	Medium	2025-09-06
CVE-2025-8564	SKT Addons for Elementor <= 3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — SKT Addons for Elementor	6.4	Medium	2025-09-06
CVE-2025-9493	Admin Menu Editor <= 1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via placeholder Parameter — Admin Menu Editor	6.4	Medium	2025-09-06
CVE-2025-9442	StreamWeasels Kick Integration <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via vodsChannel Parameter — StreamWeasels Kick Integration	6.4	Medium	2025-09-06
CVE-2025-8722	Content Views <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Grid and List Widgets — Content Views – Post Grid & Filter, Recent Posts, Category Posts … (Shortcode, Gutenberg Blocks, and Widgets for Elementor)	6.4	Medium	2025-09-06
CVE-2025-9126	Smart Table Builder <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — Smart Table Builder	6.4	Medium	2025-09-06
CVE-2025-9853	Optio Dentistry <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Optio Dentistry	6.4	Medium	2025-09-06
CVE-2025-8360	LA-Studio Element Kit for Elementor <= 1.5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — LA-Studio Element Kit for Elementor	6.4	Medium	2025-09-06
CVE-2025-6067	Easy Social Feed – Social Photos Gallery – Post Feed – Like Box <= 6.6.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Easy Social Feed – Social Photos Gallery and Post Feed for WordPress	6.4	Medium	2025-09-06
CVE-2025-9849	Html Social share buttons <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting — Html Social share buttons	6.4	Medium	2025-09-06
CVE-2025-10027	itsourcecode POS Point of Sale System 2512.php cross site scripting — POS Point of Sale System	3.5	Low	2025-09-05
CVE-2025-10026	itsourcecode POS Point of Sale System -complex_header.php cross site scripting — POS Point of Sale System	3.5	Low	2025-09-05
CVE-2025-10044	Keycloak: keycloak error_description injection on error pages — keycloak	4.3	Medium	2025-09-05
CVE-2025-9057	Biagiotti Core <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Biagiotti Core	6.4	Medium	2025-09-05
CVE-2025-48102	WordPress GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership plugin <= 1.6.6 - Cross Site Scripting (XSS) vulnerability — GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership	5.9	Medium	2025-09-05
CVE-2025-48103	WordPress Today's Date Inserter plugin <= 1.2.1 - Cross Site Scripting (XSS) vulnerability — Today's Date Inserter	6.5	Medium	2025-09-05
CVE-2025-48105	WordPress Easy Flash Embed plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability — Easy Flash Embed	6.5	Medium	2025-09-05
CVE-2025-53307	WordPress Assistant Plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability — WordPress Assistant	7.1	High	2025-09-05
CVE-2025-58887	WordPress Course Booking Platform Plugin <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability — Course Booking Platform	6.5	Medium	2025-09-05
CVE-2025-58884	WordPress vipdrv Plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability — vipdrv	5.9	Medium	2025-09-05
CVE-2025-58886	WordPress Instant Locations Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability — Instant Locations	5.9	Medium	2025-09-05
CVE-2025-58883	WordPress Search Cloud One Plugin <= 2.2.5 - Cross Site Scripting (XSS) Vulnerability — Search Cloud One	5.9	Medium	2025-09-05
CVE-2025-58882	WordPress Simple Text Slider Plugin <= 1.0.5 - Cross Site Scripting (XSS) Vulnerability — Simple Text Slider	6.5	Medium	2025-09-05
CVE-2025-58880	WordPress Translate This gTranslate Shortcode Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability — Translate This gTranslate Shortcode	6.5	Medium	2025-09-05
CVE-2025-58876	WordPress Aparat Video Shortcode Plugin <= 0.2.4 - Cross Site Scripting (XSS) Vulnerability — Aparat Video Shortcode	6.5	Medium	2025-09-05
CVE-2025-58875	WordPress WP Github Gist Plugin <= 0.5 - Cross Site Scripting (XSS) Vulnerability — WP Github Gist	6.5	Medium	2025-09-05
CVE-2025-58874	WordPress StoryMap Plugin <= 2.1 - Cross Site Scripting (XSS) Vulnerability — StoryMap	6.5	Medium	2025-09-05
CVE-2025-58873	WordPress Pushe Web Push Notification Plugin <= 0.5.0 - Cross Site Scripting (XSS) Vulnerability — Pushe Web Push Notification	5.9	Medium	2025-09-05
CVE-2025-58870	WordPress WP-GraphViz Plugin <= 1.5.1 - Cross Site Scripting (XSS) Vulnerability — WP-GraphViz	6.5	Medium	2025-09-05
CVE-2025-58871	WordPress Master Paper Collapse Toggle Plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability — Master Paper Collapse Toggle	6.5	Medium	2025-09-05

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21529