CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21530

21530 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-8511 | Portabilis i-Diario Observações diario-de-observacoes cross site scripting — i-Diario | 3.5 | Low | 2025-08-03 |
| CVE-2025-8510 | Portabilis i-Educar educar_matricula_lst.php Gerar cross site scripting — i-Educar | 3.5 | Low | 2025-08-03 |
| CVE-2025-8509 | Portabilis i-Educar educar_servidor_cad.php cross site scripting — i-Educar | 3.5 | Low | 2025-08-03 |
| CVE-2025-8508 | Portabilis i-Educar educar_avaliacao_desempenho_cad.php cross site scripting — i-Educar | 3.5 | Low | 2025-08-03 |
| CVE-2024-41177 | Apache Zeppelin: XSS in the Helium module — Apache Zeppelin | 6.1 | - | 2025-08-03 |
| CVE-2025-8507 | Portabilis i-Educar educar_funcao_lst.php cross site scripting — i-Educar | 3.5 | Low | 2025-08-03 |
| CVE-2025-8506 | 495300897 wx-shop editUI cross site scripting — wx-shop | 3.5 | Low | 2025-08-03 |
| CVE-2025-8501 | code-projects Human Resource Integrated System action.php cross site scripting — Human Resource Integrated System | 3.5 | Low | 2025-08-03 |
| CVE-2025-52132 | XWiki Contrib Mocca Calendar Application cross-site scripting vulnerability — Mocca Calendar | 6.4 | Medium | 2025-08-03 |
| CVE-2025-52131 | XWiki Contrib Mocca Calendar Application cross-site scripting vulnerability — Mocca Calendar | 6.4 | Medium | 2025-08-03 |
| CVE-2025-52133 | XWiki Contrib Mocca Calendar Application cross-site scripting vulnerability — Mocca Calendar | 6.4 | Medium | 2025-08-03 |
| CVE-2025-7500 | Ocean Social Sharing <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ocean Social Sharing | 6.4 | Medium | 2025-08-02 |
| CVE-2025-8400 | Image Gallery <= 1.0.0 - Reflected Cross-Site Scripting — Image Gallery | 6.1 | Medium | 2025-08-02 |
| CVE-2025-8391 | Magic Edge – Lite <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter — Magic Edge – Lite | 6.4 | Medium | 2025-08-02 |
| CVE-2025-6832 | All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier <= 2.0 - Reflected Cross-Site Scripting — All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier | 6.1 | Medium | 2025-08-02 |
| CVE-2025-8399 | Mmm Unity Loader <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via attributes Parameter — Mmm Unity Loader | 6.4 | Medium | 2025-08-02 |
| CVE-2025-8317 | Custom Word Cloud <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via angle Parameter — Custom Word Cloud | 6.4 | Medium | 2025-08-02 |
| CVE-2025-8212 | Medical Addon for Elementor <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typewriter Widget — Medical Addon for Elementor | 6.4 | Medium | 2025-08-02 |
| CVE-2025-4588 | 360 Photo Spheres <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — 360 Photo Spheres | 6.4 | Medium | 2025-08-02 |
| CVE-2025-6626 | ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization <= 3.10.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via API URL — ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization | 4.4 | Medium | 2025-08-02 |
| CVE-2025-8146 | Qi Addons for Elementor <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via TypeOut Text Widget — Qi Addons For Elementor | 6.4 | Medium | 2025-08-02 |
| CVE-2025-33118 | IBM QRadar SIEM cross-site scripting — QRadar SIEM | 6.4 | Medium | 2025-08-01 |
| CVE-2025-6228 | Sina Extension for Elementor <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via `Sina Posts`, `Sina Blog Post` and `Sina Table` Widgets — Sina Extension for Elementor | 6.4 | Medium | 2025-08-01 |
| CVE-2025-4684 | BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites <= 3.2.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Image Slider Widgets — BlockSpare — News, Magazine and Blog Addons for (Gutenberg) Block Editor | 6.4 | Medium | 2025-08-01 |
| CVE-2025-7646 | The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce <= 6.3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting — The Plus Addons for Elementor – Addons for Elementor, Page Templates, Widgets, Mega Menu, WooCommerce | 6.4 | Medium | 2025-08-01 |
| CVE-2025-7845 | Stratum – Elementor Widgets <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Advanced Google Maps and Image Hotspot Widgets — Stratum Widgets for Elementor | 6.4 | Medium | 2025-08-01 |
| CVE-2025-7725 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI <= 26.1.0 - Unauthenticated Stored Cross-Site Scripting — Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | 7.2 | High | 2025-08-01 |
| CVE-2025-54589 | copyparty Reflected XSS via Filter Parameter — copyparty | 6.3 | Medium | 2025-07-31 |
| CVE-2025-8380 | Campcodes Online Hotel Reservation System add_query_account.php cross site scripting — Online Hotel Reservation System | 3.5 | Low | 2025-07-31 |
| CVE-2025-40980 | ddd — UltimatePOS | 5.4 AI | Medium AI | 2025-07-31 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) account for 21530 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.