Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21530

21530 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-54540 Reflected XSS in QuickCMS — QuickCMS 4.8AIMediumAI2025-08-28
CVE-2025-6255 Dynamic AJAX Product Filters for WooCommerce <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter — Dynamic AJAX Product Filters for WooCommerce 6.4 Medium2025-08-28
CVE-2025-8073 Dynamic AJAX Product Filters for WooCommerce <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via name Parameter — Dynamic AJAX Product Filters for WooCommerce 6.4 Medium2025-08-28
CVE-2025-9346 Booking Calendar <= 10.14.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Booking Calendar 6.4 Medium2025-08-28
CVE-2025-8603 Unlimited Elements For Elementor <= 1.5.148 - Authenticated (Contributor+) Stored Cross-Site Scripting — Unlimited Elements For Elementor 6.4 Medium2025-08-28
CVE-2025-8897 Beaver Builder Plugin (Lite Version) <= 2.9.2.1 - Reflected Cross-Site Scripting — Beaver Builder Page Builder – Drag and Drop Website Builder 6.1 Medium2025-08-28
CVE-2025-9352 Pronamic Google Maps <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Pronamic Google Maps 5.4 Medium2025-08-28
CVE-2025-9344 UsersWP <= 1.2.42 - Authenticated (Contributor+) Stored Cross-Site Scripting — UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP 6.4 Medium2025-08-28
CVE-2025-34521 Arcserve UDP < 10.2 Reflected Cross-Site Scripting (XSS) — Unified Data Protection (UDP) 5.4AIMediumAI2025-08-27
CVE-2025-58216 WordPress WP Thumbtack Review Slider Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability — WP Thumbtack Review Slider 5.9 Medium2025-08-27
CVE-2025-58213 WordPress Booking System Trafft Plugin <= 1.0.14 - Cross Site Scripting (XSS) Vulnerability — Booking System Trafft 6.5 Medium2025-08-27
CVE-2025-58212 WordPress Epeken All Kurir Plugin <= 2.0.1 - Cross Site Scripting (XSS) Vulnerability — Epeken All Kurir 6.5 Medium2025-08-27
CVE-2025-58211 WordPress Chatbox Manager Plugin <= 1.2.6 - Cross Site Scripting (XSS) Vulnerability — Chatbox Manager 6.5 Medium2025-08-27
CVE-2025-58209 WordPress Transcoder Plugin <= 1.4.0 - Cross Site Scripting (XSS) Vulnerability — Transcoder 6.5 Medium2025-08-27
CVE-2025-58208 WordPress PDF for Elementor Forms + Drag And Drop Template Builder Plugin <= 6.2.0 - Cross Site Scripting (XSS) Vulnerability — PDF for Elementor Forms + Drag And Drop Template Builder 6.5 Medium2025-08-27
CVE-2025-58205 WordPress ElementInvader Addons for Elementor Plugin <= 1.3.6 - Cross Site Scripting (XSS) Vulnerability — ElementInvader Addons for Elementor 6.5 Medium2025-08-27
CVE-2025-58197 WordPress Simple Download Monitor Plugin <= 3.9.34 - Cross Site Scripting (XSS) Vulnerability — Simple Download Monitor 6.5 Medium2025-08-27
CVE-2025-58196 WordPress UiCore Elements Plugin <= 1.3.4 - Cross Site Scripting (XSS) Vulnerability — UiCore Elements 6.5 Medium2025-08-27
CVE-2025-58195 WordPress Xpro Elementor Addons Plugin <= 1.4.17 - Cross Site Scripting (XSS) Vulnerability — Xpro Elementor Addons 6.5 Medium2025-08-27
CVE-2025-58194 WordPress Bold Page Builder Plugin <= 5.4.3 - Cross Site Scripting (XSS) Vulnerability — Bold Page Builder 6.5 Medium2025-08-27
CVE-2025-34157 Coolify Stored Cross-Site Scripting (XSS) in Project Name Field — Coolify 5.4AIMediumAI2025-08-27
CVE-2025-20296 Cisco UCS Manager Software Stored Software Stored Cross-Site Scripting Vulnerability — Cisco Unified Computing System (Managed) 5.4 -2025-08-27
CVE-2025-30036 Stored XSS permitting session takeover of arbitrary user — CGM CLININET 7.6AIHighAI2025-08-27
CVE-2025-49035 WordPress Admin Menu Groups plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability — Admin Menu Groups 5.9 Medium2025-08-27
CVE-2025-49039 WordPress Link View plugin <= 0.8.0 - Cross Site Scripting (XSS) vulnerability — Link View 5.9 Medium2025-08-27
CVE-2025-7732 Lazy Load for Videos <= 2.18.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via data-video-title and href Attributes — Lazy Load for Videos 6.4 Medium2025-08-27
CVE-2025-8490 All-in-One WP Migration and Backup <= 7.97 - Authenticated (Administrator+) Stored Cross-Site Scripting via Import — All-in-One WP Migration and Backup 4.4 Medium2025-08-26
CVE-2025-9277 SiteSEO – SEO Simplified <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Broken Regex Expression — SiteSEO – SEO Simplified 6.4 Medium2025-08-26
CVE-2025-9440 1000projects Online Project Report Submission and Evaluation System add_title.php cross site scripting — Online Project Report Submission and Evaluation System 4.3 Medium2025-08-26
CVE-2025-9439 1000projects Online Project Report Submission and Evaluation System edit_faculty.php cross site scripting — Online Project Report Submission and Evaluation System 4.3 Medium2025-08-26

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21530 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.