CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21532

21532 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-53494	Stored XSS in TwoColConflict — Mediawiki - TwoColConflict Extension	6.1^AI	Medium^AI	2025-07-02
CVE-2025-2330	All-in-One Addons for Elementor – WidgetKit <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via button+modal Widget — All-in-One Addons for Elementor – WidgetKit	6.4	Medium	2025-07-02
CVE-2025-52462	Qualitia Active! mail 跨站脚本漏洞 — Active! mail 6	6.1^AI	Medium^AI	2025-07-02
CVE-2024-11405	WP Front-end login and register <= 2.1.0 - Reflected Cross-Site Scripting — WP Front-end login and register	6.1	Medium	2025-07-02
CVE-2025-6686	Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode — Magic Buttons for Elementor	6.4	Medium	2025-07-02
CVE-2025-6687	Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode — Magic Buttons for Elementor	6.4	Medium	2025-07-02
CVE-2025-34080	CONPROSYS HMI System (CHS) < 3.7.7 Reflected Cross-Site Scripting — CONPROSYS HMI System (CHS)	6.1^AI	Medium^AI	2025-07-01
CVE-2025-5314	Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.65 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source' — Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer	6.1	Medium	2025-07-01
CVE-2025-6756	Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode — Ultra Addons for Contact Form 7	6.4	Medium	2025-07-01
CVE-2025-5967	Trellix Endpoint Security HX 跨站脚本漏洞 — Endpoint Security HX	5.4^AI	Medium^AI	2025-07-01
CVE-2025-2141	IBM System Storage Virtualization Engine TS7700 cross-site scripting — System Storage Virtualization Engine TS7700	6.1	Medium	2025-07-01
CVE-2025-36056	IBM System Storage Virtualization Engine TS7700 cross-site scripting — System Storage Virtualization Engine TS7700	5.4	Medium	2025-07-01
CVE-2025-52896	Frappe authenticated XSS via data import — frappe	5.4^AI	Medium^AI	2025-06-30
CVE-2024-12915	Reflected XSS in Devinim Software's Modified Koha Library Software — Library Software	4.6	Medium	2025-06-30
CVE-2025-41439	Ricoh Streamline NX Client Tool 跨站脚本漏洞 — RICOH Streamline NX	6.1^AI	Medium^AI	2025-06-30
CVE-2025-40734	Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager — Daily Expense Manager	6.1^AI	Medium^AI	2025-06-30
CVE-2025-40733	Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager — Daily Expense Manager	6.1^AI	Medium^AI	2025-06-30
CVE-2025-6849	code-projects Simple Forum forum_edit1.php cross site scripting — Simple Forum	3.5	Low	2025-06-29
CVE-2025-6462	EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via SQLREPORT Shortcode — EZ SQL Reports Shortcode Widget and DB Backup	6.4	Medium	2025-06-29
CVE-2025-6252	Qi Addons For Elementor <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Qi Addons For Elementor	6.4	Medium	2025-06-28
CVE-2025-6350	WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress	6.4	Medium	2025-06-28
CVE-2024-52900	IBM Cognos Analytics cross-site scripting — Cognos Analytics	6.4	Medium	2025-06-28
CVE-2025-6778	code-projects Food Distributor Site save_settings.php cross site scripting — Food Distributor Site	2.4	Low	2025-06-27
CVE-2025-53093	TabberNeue vulnerable to Stored XSS through wikitext — mediawiki-extensions-TabberNeue	8.6	High	2025-06-27
CVE-2025-53336	WordPress My Resume Builder plugin <= 1.0.3 - Cross Site Scripting (XSS) Vulnerability — My Resume Builder	6.5	Medium	2025-06-27
CVE-2025-53325	WordPress Beauty Contact Popup Form plugin <= 6.0 - Cross Site Scripting (XSS) Vulnerability — Beauty Contact Popup Form	5.9	Medium	2025-06-27
CVE-2025-53321	WordPress Raise The Money plugin <= 5.2 - Cross Site Scripting (XSS) Vulnerability — Raise The Money	6.5	Medium	2025-06-27
CVE-2025-53320	WordPress Free Downloads EDD plugin <= 1.0.4 - Cross Site Scripting (XSS) Vulnerability — Free Downloads EDD	6.5	Medium	2025-06-27
CVE-2025-53301	WordPress Theme Junkie Team Content plugin <= 0.1.1 - Cross Site Scripting (XSS) Vulnerability — Theme Junkie Team Content	6.5	Medium	2025-06-27
CVE-2025-53300	WordPress Podcast Feed Player Widget and Shortcode plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability — Podcast Feed Player Widget and Shortcode	6.5	Medium	2025-06-27

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21532 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21532