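CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21570

21570 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.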

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-5944 | Element Pack Addons for Elementor <= 8.0.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-caption Attribute — Element Pack Elementor Addons and Templates | 6.4 | Medium | 2025-07-03 |
| CVE-2025-52842 | Laundry 2.3.0 - Account Takeover via Reflected XSS — Laundry | 9.6 (AI) | Critical (AI) | 2025-07-02 |
| CVE-2025-52559 | Zulip XSS in digest preview URL — zulip | 6.8 | Medium | 2025-07-02 |
| CVE-2025-20307 | Cisco BroadWorks Application Delivery Platform Cross-Site Scripting Vulnerability — Cisco BroadWorks | 4.8 | Medium | 2025-07-02 |
| CVE-2025-20310 | Cisco Enterprise Chat and Email Stored Cross-Site Scripting Vulnerability — Cisco Enterprise Chat and Email | 6.1 | Medium | 2025-07-02 |
| CVE-2025-53492 | Stored XSS in MintyDocs — Mediawiki - MintyDocs Extension | 6.1 (AI) | Medium (AI) | 2025-07-02 |
| CVE-2025-6725 | Cross-Site Scripting (XSS) in PdfViewer — Kendo UI for jQuery | 5.4 | Medium | 2025-07-02 |
| CVE-2025-53493 | Stored XSS in MintyDocs — Mediawiki - MintyDocs Extension | 6.1 (AI) | Medium (AI) | 2025-07-02 |
| CVE-2025-53494 | Stored XSS in TwoColConflict — Mediawiki - TwoColConflict Extension | 6.1 (AI) | Medium (AI) | 2025-07-02 |
| CVE-2025-2330 | All-in-One Addons for Elementor – WidgetKit <= 2.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via button+modal Widget — All-in-One Addons for Elementor – WidgetKit | 6.4 | Medium | 2025-07-02 |
| CVE-2025-52462 | Qualitia Active! mail cross-site scripting vulnerability — Active! mail 6 | 6.1 (AI) | Medium (AI) | 2025-07-02 |
| CVE-2024-11405 | WP Front-end login and register <= 2.1.0 - Reflected Cross-Site Scripting — WP Front-end login and register | 6.1 | Medium | 2025-07-02 |
| CVE-2025-6686 | Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode — Magic Buttons for Elementor | 6.4 | Medium | 2025-07-02 |
| CVE-2025-6687 | Magic Buttons for Elementor <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via magic-button Shortcode — Magic Buttons for Elementor | 6.4 | Medium | 2025-07-02 |
| CVE-2025-34080 | CONPROSYS HMI System (CHS) < 3.7.7 Reflected Cross-Site Scripting — CONPROSYS HMI System (CHS) | 6.1 (AI) | Medium (AI) | 2025-07-01 |
| CVE-2025-5314 | Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.65 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source' — Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer | 6.1 | Medium | 2025-07-01 |
| CVE-2025-6756 | Ultra Addons for Contact Form 7 <= 3.5.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via UACF7_CUSTOM_FIELDS Shortcode — Ultra Addons for Contact Form 7 | 6.4 | Medium | 2025-07-01 |
| CVE-2025-5967 | Trellix Endpoint Security HX cross-site scripting vulnerability — Endpoint Security HX | 5.4 (AI) | Medium (AI) | 2025-07-01 |
| CVE-2025-2141 | IBM System Storage Virtualization Engine TS7700 cross-site scripting — System Storage Virtualization Engine TS7700 | 6.1 | Medium | 2025-07-01 |
| CVE-2025-36056 | IBM System Storage Virtualization Engine TS7700 cross-site scripting — System Storage Virtualization Engine TS7700 | 5.4 | Medium | 2025-07-01 |
| CVE-2025-52896 | Frappe authenticated XSS via data import — frappe | 5.4 (AI) | Medium (AI) | 2025-06-30 |
| CVE-2024-12915 | Reflected XSS in Devinim Software's Modified Koha Library Software — Library Software | 4.6 | Medium | 2025-06-30 |
| CVE-2025-41439 | Ricoh Streamline NX Client Tool cross-site scripting vulnerability — RICOH Streamline NX | 6.1 (AI) | Medium (AI) | 2025-06-30 |
| CVE-2025-40734 | Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager — Daily Expense Manager | 6.1 (AI) | Medium (AI) | 2025-06-30 |
| CVE-2025-40733 | Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager — Daily Expense Manager | 6.1 (AI) | Medium (AI) | 2025-06-30 |
| CVE-2025-6849 | code-projects Simple Forum forum_edit1.php cross site scripting — Simple Forum | 3.5 | Low | 2025-06-29 |
| CVE-2025-6462 | EZ SQL Reports Shortcode Widget and DB Backup <= 5.25.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via SQLREPORT Shortcode — EZ SQL Reports Shortcode Widget and DB Backup | 6.4 | Medium | 2025-06-29 |
| CVE-2025-6252 | Qi Addons For Elementor <= 1.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Qi Addons For Elementor | 6.4 | Medium | 2025-06-28 |
| CVE-2025-6350 | WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress <= 8.5.32 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress | 6.4 | Medium | 2025-06-28 |
| CVE-2024-52900 | IBM Cognos Analytics cross-site scripting — Cognos Analytics | 6.4 | Medium | 2025-06-28 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21570 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.