CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21530

21530 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-43737	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	5.4^AI	Medium^AI	2025-08-19
CVE-2025-31988	HCL Digital Experience is susceptible to cross site scripting (XSS) — Digital Experience	4.9	Medium	2025-08-19
CVE-2025-55303	Unauthorized third-party images in Astro’s _image endpoint — astro	7.2^AI	High^AI	2025-08-19
CVE-2025-54881	Mermaid improperly sanitizes of sequence diagram labels leading to XSS — mermaid	5.4^AI	Medium^AI	2025-08-19
CVE-2025-54880	Mermaid does not properly sanitize architecture diagram iconText leading to XSS — mermaid	5.4^AI	Medium^AI	2025-08-19
CVE-2025-54411	Discourse welcome banner user name XSS — discourse	5.4^AI	Medium^AI	2025-08-19
CVE-2025-52478	Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source — n8n	8.7	High	2025-08-19
CVE-2025-9147	jasonclark getsemantic index.php cross site scripting — getsemantic	3.5	Low	2025-08-19
CVE-2025-43738	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	5.4^AI	Medium^AI	2025-08-19
CVE-2025-9145	Scada-LTS SVG File view_edit.shtm cross site scripting — Scada-LTS	3.5	Low	2025-08-19
CVE-2025-9144	Scada-LTS publisher_edit.shtm cross site scripting — Scada-LTS	3.5	Low	2025-08-19
CVE-2025-9143	Scada-LTS mailing_lists.shtm cross site scripting — Scada-LTS	3.5	Low	2025-08-19
CVE-2025-43740	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	5.4^AI	Medium^AI	2025-08-19
CVE-2025-9138	Scada-LTS new cross site scripting — Scada-LTS	3.5	Low	2025-08-19
CVE-2025-9137	Scada-LTS scheduled_events.shtm cross site scripting — Scada-LTS	3.5	Low	2025-08-19
CVE-2025-8783	Contact Manager <= 8.6.5 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'title' — Contact Manager	4.4	Medium	2025-08-19
CVE-2025-8567	Nexter Blocks <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — Nexter Blocks – Gutenberg Blocks, Page Builder & AI Website Builder	6.4	Medium	2025-08-19
CVE-2025-8622	Flexible Maps <= 1.18.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Flexible Maps Shortcode — Flexible Map	6.4	Medium	2025-08-19
CVE-2025-7496	WPC Smart Compare for WooCommerce <= 6.4.7 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — WPC Smart Compare for WooCommerce	6.4	Medium	2025-08-19
CVE-2025-50891	Adform Site Tracking 安全漏洞 — server-side backend for Site Tracking	7.2	High	2025-08-19
CVE-2025-54759	Santesoft Sante PACS Server Cross-site Scripting — Sante PACS Server	6.1	Medium	2025-08-18
CVE-2025-54862	Santesoft Sante PACS Server Cross-site Scripting — Sante PACS Server	5.4	Medium	2025-08-18
CVE-2025-9119	Netis WF2419 Wireless Settings index.htm cross site scripting — WF2419	2.4	Low	2025-08-18
CVE-2025-43731	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	5.4^AI	Medium^AI	2025-08-18
CVE-2025-55300	Komari Allows Cross-site WebSocket Hijacking — komari	8.8^AI	High^AI	2025-08-18
CVE-2025-55296	LibreNMS allows stored XSS in Alert Template name field — librenms	5.5	Medium	2025-08-18
CVE-2025-55288	Genealogy has a Reflected XSS Vulnerability — genealogy	5.5	Medium	2025-08-18
CVE-2025-55287	Genealogy has a stored XSS vulnerability — genealogy	5.4^AI	Medium^AI	2025-08-18
CVE-2025-54421	NamelessMC allows Stored Cross Site Scripting (XSS) in SEO component — Nameless	7.2	High	2025-08-18
CVE-2025-43733	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	5.4^AI	Medium^AI	2025-08-18

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21530 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21530