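CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21532

21532 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.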

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-7653 | EPay.bg Payments <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — EPay.bg Payments | 6.4 | Medium | 2025-07-19 |
| CVE-2025-7658 | Temporarily Hidden Content <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — Temporarily Hidden Content | 6.4 | Medium | 2025-07-19 |
| CVE-2025-7661 | Partnerský systém Martinus <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Partnerský systém Martinus | 6.4 | Medium | 2025-07-19 |
| CVE-2025-7655 | Live Stream Badger <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Live Stream Badger | 6.4 | Medium | 2025-07-19 |
| CVE-2025-7803 | descreekert wx-discuz wx.php validToken cross site scripting — wx-discuz | 3.5 | Low | 2025-07-18 |
| CVE-2025-7802 | PHPGurukul Complaint Management System complaint-search.php cross site scripting — Complaint Management System | 3.5 | Low | 2025-07-18 |
| CVE-2025-7800 | cgpandey hotelmis HTTP GET Request admin.php cross site scripting — hotelmis | 3.5 | Low | 2025-07-18 |
| CVE-2025-54078 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'personalizacao_imagem.php' parameter 'err' — WeGIA | 6.5 | Medium | 2025-07-18 |
| CVE-2025-54077 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'personalizacao.php' parameter 'err' — WeGIA | 6.5 | Medium | 2025-07-18 |
| CVE-2025-54076 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'pre_cadastro_atendido.php' parameter 'msg_e' — WeGIA | 6.5 | Medium | 2025-07-18 |
| CVE-2025-54075 | mdc vulnerable to XSS in markdown rendering bypassing HTML filter. (N°4) — mdc | 8.3 | High | 2025-07-18 |
| CVE-2025-7791 | PHPGurukul Online Security Guards Hiring System search.php cross site scripting — Online Security Guards Hiring System | 3.5 | Low | 2025-07-18 |
| CVE-2025-7786 | Gnuboard g6 Post Reply qa cross site scripting — g6 | 3.5 | Low | 2025-07-18 |
| CVE-2025-50126 | Extension - rsjoomla.com - Stored XSS vulnerability RSBlog! component 1.11.6-1.14.5 for Joomla — RSBlog! component for Joomla | 5.4 | - | 2025-07-18 |
| CVE-2025-50058 | Extension - rsjoomla.com - Stored XSS vulnerability in RSDirectory! component 1.16.3-1.17.7 for Joomla — RSDirectory! component for Joomla | 5.4 | - | 2025-07-18 |
| CVE-2025-50056 | Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.28 for Joomla — RSMail! component for Joomla | 6.1 | - | 2025-07-18 |
| CVE-2025-49486 | Extension - balbooa.com - Stored XSS in Balbooa Gallery component version 1.0.0 - 2.4.0 for Joomla — Balbooa Gallery component for Joomla | 4.8 | - | 2025-07-18 |
| CVE-2025-5800 | Testimonial Post type <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_play Parameter — Testimonial Post type | 6.4 | Medium | 2025-07-18 |
| CVE-2025-5752 | Vertical scroll image slideshow gallery <= 11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter — Vertical scroll image slideshow gallery | 6.4 | Medium | 2025-07-18 |
| CVE-2025-5767 | Crowdfunding for WooCommerce <= 3.1.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter — Crowdfunding for WooCommerce | 6.4 | Medium | 2025-07-18 |
| CVE-2025-6719 | Terms descriptions <= 3.4.8 - Authenticated (Admin+) Stored Cross-Site Scripting — Terms descriptions | 4.4 | Medium | 2025-07-18 |
| CVE-2025-5754 | Useful Tab Block – Responsive & AMP-Compatible <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter — Useful Tab Block – Responsive & AMP-Compatible | 6.4 | Medium | 2025-07-18 |
| CVE-2025-7660 | Map My Locations <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Map My Locations | 6.4 | Medium | 2025-07-18 |
| CVE-2025-7648 | Ruven Themes: Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ruven Themes: Shortcodes | 6.4 | Medium | 2025-07-18 |
| CVE-2025-7431 | Knowledge Base <= 2.3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Slug — Knowledge Base | 4.4 | Medium | 2025-07-18 |
| CVE-2025-7767 | PHPGurukul Art Gallery Management System edit-art-medium-detail.php cross site scripting — Art Gallery Management System | 3.5 | Low | 2025-07-18 |
| CVE-2025-6185 | Leviton AcquiSuite and Energy Monitoring Hub Cross-site Scripting — AcquiSuite | 9.3 | Critical | 2025-07-17 |
| CVE-2025-6248 | Lenovo Browser security vulnerability — Browser | 7.4 | High | 2025-07-17 |
| CVE-2025-7748 | ZCMS Create Article Page cross site scripting — ZCMS | 3.5 | Low | 2025-07-17 |
| CVE-2025-53941 | Hollo renders posts received with form elements and allows submission — hollo | 6.1 | Medium | 2025-07-17 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21532 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.