CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21532

21532 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-53599 | Naver Whale browser for iOS security vulnerability — NAVER Whale browser | 9.3 | - | 2025-07-04 |
| CVE-2025-6944 | Uncode Core <= 2.9.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes — Uncode Core | 6.4 | Medium | 2025-07-04 |
| CVE-2025-5567 | Shortcodes Ultimate <= 7.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-url' Attribute — WP Shortcodes Plugin — Shortcodes Ultimate | 6.4 | Medium | 2025-07-04 |
| CVE-2025-7053 | Cockpit save cross site scripting — Cockpit | 3.5 | Low | 2025-07-04 |
| CVE-2025-6039 | ProcessingJS for WordPress <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — ProcessingJS for WordPress | 6.4 | Medium | 2025-07-04 |
| CVE-2025-6787 | Smart Docs <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Smart Docs | 6.4 | Medium | 2025-07-04 |
| CVE-2025-7046 | Portfolio for Elementor & Image Gallery \| PowerFolio <= 3.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS — PowerFolio – Portfolio & Image Gallery for Elementor | 6.4 | Medium | 2025-07-04 |
| CVE-2025-53369 | Citizen Short Description stored XSS vulnerability through wikitext — mediawiki-extensions-ShortDescription | 8.6 | High | 2025-07-03 |
| CVE-2025-53370 | Citizen stored XSS vulnerability through short descriptions — mediawiki-skins-Citizen | 8.6 | High | 2025-07-03 |
| CVE-2025-53368 | Citizen is vulnerable to stored XSS attack in the legacy search bar — mediawiki-skins-Citizen | 8.6 | High | 2025-07-03 |
| CVE-2025-53500 | Stored XSS in MassEditRegex — Mediawiki - MassEditRegex Extension | 6.1 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-53489 | XSS in GoogleDocs4MW — Mediawiki - GoogleDocs4MW Extension | 6.1 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-53490 | Multiple XSS in CampaignEvents — Mediawiki - CampaignEvents Extension | 6.1 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-2537 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via ThickBox JavaScript Library — YouTube Embed, Playlist and Popup by WpDevArt | 6.4 | Medium | 2025-07-03 |
| CVE-2025-49032 | WordPress Gutenberg Blocks plugin <= 3.3.1 - Cross Site Scripting (XSS) vulnerability — Gutenberg Blocks | 6.5 | Medium | 2025-07-03 |
| CVE-2025-40723 | Stored Cross-Site Scripting (XSS) vulnerability on Flatboard — Flatboard | 5.4 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-40722 | Stored Cross-Site Scripting (XSS) vulnerability on Flatboard — Flatboard | 5.4 (AI) | Medium (AI) | 2025-07-03 |
| CVE-2025-27448 | CVE-2025-27448 — Endress+Hauser MEAC300-FNADE4 | 6.8 | Medium | 2025-07-03 |
| CVE-2025-27447 | CVE-2025-27447 — Endress+Hauser MEAC300-FNADE4 | 7.4 | High | 2025-07-03 |
| CVE-2025-2540 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via prettyPhoto JavaScript Library — Awesome Wp Image Gallery | 6.4 | Medium | 2025-07-03 |
| CVE-2024-5647 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library — BlossomThemes Social Feed | 6.4 | Medium | 2025-07-03 |
| CVE-2024-9017 | PeepSo Core: Groups <= 6.4.6.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Group Description — PeepSo Core: Groups | 6.4 | Medium | 2025-07-03 |
| CVE-2025-5944 | Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute — Element Pack Elementor Addons and Templates | 6.4 | Medium | 2025-07-03 |
| CVE-2025-52842 | Laundry 2.3.0 - Account Takeover via Reflected XSS — Laundry | 9.6 (AI) | Critical (AI) | 2025-07-02 |
| CVE-2025-52559 | Zulip XSS in digest preview URL — zulip | 6.8 | Medium | 2025-07-02 |
| CVE-2025-20307 | Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability — Cisco BroadWorks | 4.8 | Medium | 2025-07-02 |
| CVE-2025-20310 | Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability — Cisco Enterprise Chat and Email | 6.1 | Medium | 2025-07-02 |
| CVE-2025-53492 | Stored XSS in MintyDocs — Mediawiki - MintyDocs Extension | 6.1 (AI) | Medium (AI) | 2025-07-02 |
| CVE-2025-6725 | Cross-Site Scripting (XSS) in PdfViewer — Kendo UI for jQuery | 5.4 | Medium | 2025-07-02 |
| CVE-2025-53493 | Stored XSS in MintyDocs — Mediawiki - MintyDocs Extension | 6.1 (AI) | Medium (AI) | 2025-07-02 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21532 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.