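CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21532

21532 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.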

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-2799 | WP Event Manager <= 3.1.49 - Authenticated (Administrator+) Stored Cross-Site Scripting — WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce | 4.4 | Medium | 2025-07-16 |
| CVE-2025-6977 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.5.4 - Reflected Cross-Site Scripting via 'pm_get_messenger_notification' function — ProfileGrid – User Profiles, Groups and Communities | 6.1 | Medium | 2025-07-16 |
| CVE-2025-53903 | The Scratch Channel Has Potential Cross-Site Scripting (XSS) Vulnerability — the-scratch-channel.github.io | 6.1 AI | Medium AI | 2025-07-15 |
| CVE-2025-33097 | IBM QRadar SIEM cross-site scripting — QRadar SIEM | 6.4 | Medium | 2025-07-15 |
| CVE-2025-4369 | Companion Auto Update <= 3.9.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via update_delay_days parameter — Companion Auto Update | 5.5 | Medium | 2025-07-15 |
| CVE-2025-7672 | Stored-XSS possibility in Namo CrossEditor4 — CrossEditor4 | 4.3 | Medium | 2025-07-15 |
| CVE-2025-7367 | Strong Testimonials <= 3.2.11 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Fields — Strong Testimonials | 6.4 | Medium | 2025-07-15 |
| CVE-2025-53839 | DRACOON Branding Service vulnerable to Cross-site Scripting — security-advisories | 4.0 | Medium | 2025-07-14 |
| CVE-2025-53835 | XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax — xwiki-rendering | 9.1 | Critical | 2025-07-14 |
| CVE-2025-53834 | Caido Toast Vulnerable to Reflected Cross-site Scripting — caido | 6.3 | Medium | 2025-07-14 |
| CVE-2025-53824 | WeGIA Reflected Cross-Site Scripting (XSS) vulnerability in endpoint 'cadastro_pet.php' parameter 'msg' — WeGIA | 6.1 AI | Medium AI | 2025-07-14 |
| CVE-2025-53822 | WeGIA vulnerable to Reflected Cross-Site Scripting in endpoint 'relatorio_geracao.php' parameter 'tipo_relatorio' — WeGIA | 6.5 | Medium | 2025-07-14 |
| CVE-2025-53820 | WeGIA vulnerable to Cross-Site Scripting (XSS) Reflected via endpoint 'index.php' parameter 'erro' — WeGIA | 6.5 | Medium | 2025-07-14 |
| CVE-2025-7601 | PHPGurukul Online Library Management System student-history.php cross site scripting — Online Library Management System | 3.5 | Low | 2025-07-14 |
| CVE-2025-7618 | A stored Cross-Site Scripting (XSS) vulnerability exists in the File Explorer and Text Editor of ADM — ADM | 4.8 AI | Medium AI | 2025-07-14 |
| CVE-2025-7380 | A stored Cross-Site Scripting (XSS) vulnerability exists in the Access Control of ADM — ADM | 5.4 AI | Medium AI | 2025-07-14 |
| CVE-2025-7569 | Bigotry OneBase think_exception.tpl parse_args cross site scripting — OneBase | 3.5 | Low | 2025-07-14 |
| CVE-2025-7567 | ShopXO header.html cross site scripting — ShopXO | 4.3 | Medium | 2025-07-14 |
| CVE-2025-7554 | Sapido RB-1802 URL Filtering Page urlfilter.asp cross site scripting — RB-1802 | 2.4 | Low | 2025-07-14 |
| CVE-2025-53865 | Roundup cross-site scripting vulnerability — Roundup | 6.4 | Medium | 2025-07-13 |
| CVE-2025-6068 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.31 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Gallery by FooGallery | 6.4 | Medium | 2025-07-11 |
| CVE-2025-5530 | WPC Smart Compare for WooCommerce <= 6.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — WPC Smart Compare for WooCommerce | 6.4 | Medium | 2025-07-11 |
| CVE-2025-6716 | Contest Gallery <= 26.0.8 - Authenticated (Author+) Stored Cross-Site Scripting — Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | 6.4 | Medium | 2025-07-11 |
| CVE-2025-7435 | LiveHelperChat lhc-php-resque Extension List list cross site scripting — lhc-php-resque Extension | 3.5 | Low | 2025-07-11 |
| CVE-2025-41442 | Advantech iView Cross-site Scripting — iView | 5.4 | Medium | 2025-07-10 |
| CVE-2025-53519 | Advantech iView Cross-site Scripting — iView | 5.4 | Medium | 2025-07-10 |
| CVE-2025-53397 | Advantech iView Cross-site Scripting — iView | 5.4 | Medium | 2025-07-10 |
| CVE-2025-7408 | SourceCodester Zoo Management System animal_form_template.php cross site scripting — Zoo Management System | 3.5 | Low | 2025-07-10 |
| CVE-2025-6948 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.7 | High | 2025-07-10 |
| CVE-2025-7387 | Lana Downloads Manager <= 1.10.0 - Authenticated (Administrator+) Stored Cross-Site Scripting — Lana Downloads Manager | 5.5 | Medium | 2025-07-10 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21532 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.