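CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21530

21530 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.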

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-49065 | WordPress Visit Counter Plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability — Visit Counter | 7.1 | High | 2025-08-14 |
| CVE-2025-49433 | WordPress Supermalink <= 1.1 - Cross Site Scripting (XSS) Vulnerability — Supermalink | 6.5 | Medium | 2025-08-14 |
| CVE-2025-49437 | WordPress WP LOL Rotation <= 1.0 - Cross Site Scripting (XSS) Vulnerability — WP LOL Rotation | 6.5 | Medium | 2025-08-14 |
| CVE-2025-50040 | WordPress CF7 Spreadsheets Plugin <= 2.3.2 - Cross Site Scripting (XSS) Vulnerability — CF7 Spreadsheets | 6.5 | Medium | 2025-08-14 |
| CVE-2025-52730 | WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Cross Site Scripting (XSS) Vulnerability — WordPress Event Manager, Event Calendar and Booking Plugin | 6.5 | Medium | 2025-08-14 |
| CVE-2025-52788 | WordPress CaptionPix <= 1.8 - Cross Site Scripting (XSS) Vulnerability — CaptionPix | 7.1 | High | 2025-08-14 |
| CVE-2025-7761 | Reflected XSS in Lepszy BIP — Lepszy BIP | 6.1 (AI) | Medium (AI) | 2025-08-14 |
| CVE-2025-8934 | 1000 Projects Sales Management System sales.php cross site scripting — Sales Management System | 4.3 | Medium | 2025-08-14 |
| CVE-2025-8933 | 1000 Projects Sales Management System sales.php cross site scripting — Sales Management System | 4.3 | Medium | 2025-08-14 |
| CVE-2025-8920 | Portabilis i-Diario Dicionário de Termos BNCC dicionario-de-termos-bncc cross site scripting — i-Diario | 2.4 | Low | 2025-08-13 |
| CVE-2025-8919 | Portabilis i-Diario History objetivos-de-aprendizagem-e-habilidades cross site scripting — i-Diario | 2.4 | Low | 2025-08-13 |
| CVE-2025-6186 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.7 | High | 2025-08-13 |
| CVE-2025-7739 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.7 | High | 2025-08-13 |
| CVE-2025-7734 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.7 | High | 2025-08-13 |
| CVE-2025-8918 | Portabilis i-Educar Editar educar_instituicao_cad.php cross site scripting — i-Educar | 2.4 | Low | 2025-08-13 |
| CVE-2025-8911 | WellChoose\|Organization Portal System - Reflected Cross-site Scripting — Organization Portal System | 6.1 | Medium | 2025-08-13 |
| CVE-2025-8910 | WellChoose\|Organization Portal System - Reflected Cross-site Scripting — Organization Portal System | 6.1 | Medium | 2025-08-13 |
| CVE-2025-55170 | WeGIA reflected XSS via `verificacao` and `redir_config` param at endpoint `/html/alterar_senha.php` — WeGIA | 6.5 | Medium | 2025-08-12 |
| CVE-2025-36000 | IBM WebSphere Application Server Liberty cross-site scripting — WebSphere Application Server Liberty | 4.4 | Medium | 2025-08-12 |
| CVE-2025-32932 | Fortinet FortiSOAR Cross-Site Scripting Vulnerability — FortiSOAR | 6.2 | Medium | 2025-08-12 |
| CVE-2025-43734 | Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability — Portal | 5.4 (AI) | Medium (AI) | 2025-08-12 |
| CVE-2025-49557 | Adobe Commerce \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Commerce | 8.7 | High | 2025-08-12 |
| CVE-2025-49745 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability — Microsoft Dynamics 365 (on-premises) version 9.1 | 5.4 | Medium | 2025-08-12 |
| CVE-2025-55166 | svg-sanitizer By-Passing Attribute Sanitization — svg-sanitizer | 6.1 (AI) | Medium (AI) | 2025-08-12 |
| CVE-2025-54800 | Hydra persistent XSS in build metrics — hydra | 6.1 (AI) | Medium (AI) | 2025-08-12 |
| CVE-2025-43735 | Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability — Portal | 6.1 (AI) | Medium (AI) | 2025-08-12 |
| CVE-2025-8874 | Master Addons – Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations <= 2.0.8.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via fancyBox — Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits | 6.4 | Medium | 2025-08-12 |
| CVE-2025-8314 | Software Issue Manager <= 5.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via noaccess_msg Parameter — Project Management, Bug and Issue Tracking Plugin – Software Issue Manager | 6.4 | Medium | 2025-08-12 |
| CVE-2025-8688 | Inline Stock Quotes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via stock Shortcode — Inline Stock Quotes | 6.4 | Medium | 2025-08-12 |
| CVE-2025-8568 | GMap - Venturit <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'h' Parameter — GMap Generator | 6.4 | Medium | 2025-08-12 |

21530 CVEs are classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.