CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21531

21531 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-40980 | ddd — UltimatePOS | 5.4 (AI) | Medium (AI) | 2025-07-31 |
| CVE-2025-24854 | Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Image plugin — Apache JSPWiki | 6.1 (AI) | Medium (AI) | 2025-07-31 |
| CVE-2025-24853 | Apache JSPWiki: Cross-Site Scripting (XSS) in JSPWiki Header Link processing — Apache JSPWiki | 4.7 (AI) | Medium (AI) | 2025-07-31 |
| CVE-2025-36563 | Alfasado PowerCMS cross-site scripting vulnerability — PowerCMS | 6.1 | Medium | 2025-07-31 |
| CVE-2025-41391 | Alfasado PowerCMS cross-site scripting vulnerability — PowerCMS | 5.4 | Medium | 2025-07-31 |
| CVE-2025-7205 | GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Authenticated (GiveWP worker+) Stored Cross-Site Scripting — GiveWP – Donation Plugin and Fundraising Platform | 5.4 | Medium | 2025-07-31 |
| CVE-2025-8370 | Portabilis i-Educar educar_escolaridade_lst.php cross site scripting — i-Educar | 4.3 | Medium | 2025-07-31 |
| CVE-2025-8369 | Portabilis i-Educar educar_avaliacao_desempenho_lst.php cross site scripting — i-Educar | 4.3 | Medium | 2025-07-31 |
| CVE-2025-8368 | Portabilis i-Educar pesquisa_pessoa_lst.php cross site scripting — i-Educar | 4.3 | Medium | 2025-07-31 |
| CVE-2025-8367 | Portabilis i-Educar funcionario_vinculo_lst.php cross site scripting — i-Educar | 4.3 | Medium | 2025-07-31 |
| CVE-2025-8366 | Portabilis i-Educar educar_servidor_lst.php cross site scripting — i-Educar | 4.3 | Medium | 2025-07-31 |
| CVE-2025-5720 | Customer Reviews for WooCommerce <= 5.80.2 - Unauthenticated Stored Cross-Site Scripting via `author` Parameter — Customer Reviews for WooCommerce | 6.4 | Medium | 2025-07-31 |
| CVE-2025-8365 | Portabilis i-Educar atendidos_cad.php cross site scripting — i-Educar | 3.5 | Low | 2025-07-31 |
| CVE-2025-8346 | Portabilis i-Educar educar_aluno_lst.php cross site scripting — i-Educar | 4.3 | Medium | 2025-07-31 |
| CVE-2025-8340 | code-projects Intern Membership Management System Error Message fill_details.php cross site scripting — Intern Membership Management System | 4.3 | Medium | 2025-07-31 |
| CVE-2025-8337 | code-projects Simple Car Rental System add_vehicles.php cross site scripting — Simple Car Rental System | 2.4 | Low | 2025-07-30 |
| CVE-2025-47001 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager | 5.4 | Medium | 2025-07-30 |
| CVE-2025-5684 | MetForm <= 4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via `mf-template` DOM Element — MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | 6.4 | Medium | 2025-07-29 |
| CVE-2025-53541 | Tuleap is vulnerable to XSS attacks when displaying the children of a parent artifact — tuleap | 5.4 | Medium | 2025-07-29 |
| CVE-2025-6060 | XSS in DECE Software's Geodi — Geodi | 5.4 | Medium | 2025-07-29 |
| CVE-2025-40686 | Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System — Human Resource Management System | 6.1 (AI) | Medium (AI) | 2025-07-29 |
| CVE-2025-40685 | Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System — Human Resource Management System | 6.1 (AI) | Medium (AI) | 2025-07-29 |
| CVE-2025-40684 | Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System — Human Resource Management System | 6.1 (AI) | Medium (AI) | 2025-07-29 |
| CVE-2025-40683 | Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System — Human Resource Management System | 6.1 (AI) | Medium (AI) | 2025-07-29 |
| CVE-2025-5587 | Appzend <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter — Appzend | 6.4 | Medium | 2025-07-29 |
| CVE-2025-6692 | YouTube Embed <= 10.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via instance Parameter — YouTube Embed – YouTube Gallery, Vimeo Gallery – WordPress Plugin | 6.4 | Medium | 2025-07-29 |
| CVE-2025-6681 | Fan Page <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter — Fan Page | 6.4 | Medium | 2025-07-29 |
| CVE-2025-8196 | Magical Addons For Elementor <= 1.3.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Attributes — Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) | 6.4 | Medium | 2025-07-29 |
| CVE-2025-8216 | Sky Addons for Elementor <= 3.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — Sky Addons – Elementor Addons with Widgets & Templates | 6.4 | Medium | 2025-07-29 |
| CVE-2025-4566 | Elementor <= 3.30.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Text Path Widget — Elementor Website Builder – more than just a page builder | 6.4 | Medium | 2025-07-29 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.