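CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21532

21532 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.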

| CVE ID | Title — Product | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-5366 | Stored XSS — Exchange Reporter Plus | 8.1 | High | 2025-06-26 |
| CVE-2025-6212 | Ultra Addons for Contact Form 7 3.5.11 - 3.5.19 - Unauthenticated Stored Cross-Site Scripting via Database module — Ultra Addons for Contact Form 7 | 7.2 | High | 2025-06-26 |
| CVE-2025-5338 | Royal Elementor Addons <= 1.7.1028 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Multiple Widgets — Royal Addons for Elementor – Addons and Templates Kit for Elementor | 6.4 | Medium | 2025-06-26 |
| CVE-2025-5842 | Modern Design Library <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter — Modern Design Library | 6.4 | Medium | 2025-06-26 |
| CVE-2025-6546 | Drive Folder Embedder <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via tablecssclass Parameter — Drive Folder Embedder | 6.4 | Medium | 2025-06-26 |
| CVE-2025-6540 | web-cam <= 3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via slug Parameter — web-cam | 6.4 | Medium | 2025-06-26 |
| CVE-2025-5275 | Charitable <= 1.8.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Privacy Settings — Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | 4.4 | Medium | 2025-06-26 |
| CVE-2025-6537 | Namasha By Mdesign <= 1.2.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via playicon_title Parameter — Namasha By Mdesign | 6.4 | Medium | 2025-06-26 |
| CVE-2025-5929 | The Countdown <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via clientId Parameter — The Countdown – Block Countdown Timer | 6.4 | Medium | 2025-06-26 |
| CVE-2025-6258 | WP SoundSystem <= 3.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpsstm-track Shortcode — WP SoundSystem | 6.4 | Medium | 2025-06-26 |
| CVE-2025-5559 | TimeZoneCalculator <= 3.37 - Authenticated (Contributor+) Stored Cross-Site Scripting — TimeZoneCalculator | 6.4 | Medium | 2025-06-26 |
| CVE-2025-5540 | Event RSVP and Simple Event Management Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Event RSVP and Simple Event Management Plugin | 6.4 | Medium | 2025-06-26 |
| CVE-2025-5564 | GC Social wall <= 1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting — GC Social Wall | 6.4 | Medium | 2025-06-26 |
| CVE-2025-6383 | WP-PhotoNav <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via photonav Shortcode — WP-PhotoNav | 6.4 | Medium | 2025-06-26 |
| CVE-2025-6290 | Tournament Bracket Generator <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via bracket Shortcode — Tournament Bracket Generator | 6.4 | Medium | 2025-06-26 |
| CVE-2025-6378 | Responsive Food and Drink Menu <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_pdf_menus Shortcode — Responsive Food and Drink Menu | 6.4 | Medium | 2025-06-26 |
| CVE-2025-6538 | Post Rating and Review <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter — Post Rating and Review | 6.4 | Medium | 2025-06-26 |
| CVE-2025-5488 | WP Masonry & Infinite Scroll <= 2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Masonry & Infinite Scroll | 6.4 | Medium | 2025-06-26 |
| CVE-2025-5535 | e.nigma buttons <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — e.nigma buttons | 6.4 | Medium | 2025-06-26 |
| CVE-2025-5588 | Image Editor by Pixo <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via download Parameter — Image Editor by Pixo | 6.4 | Medium | 2025-06-26 |
| CVE-2025-5015 | Parsons AccuWeather Widget Cross-site Scripting — Parsons Utility Enterprise Data Management | 8.8 | High | 2025-06-25 |
| CVE-2025-48954 | Discourse vulnerable to XSS via user-provided query parameter in oauth failure flow — discourse | 8.1 | High | 2025-06-25 |
| CVE-2025-6613 | PHPGurukul Hospital Management System manage-patient.php cross site scripting — Hospital Management System | 3.5 | Low | 2025-06-25 |
| CVE-2025-5585 | SiteOrigin Widgets Bundle <= 1.68.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-url` DOM Element Attribute — SiteOrigin Widgets Bundle | 6.4 | Medium | 2025-06-25 |
| CVE-2025-6569 | code-projects School Fees Payment System student.php cross site scripting — School Fees Payment System | 4.3 | Medium | 2025-06-24 |
| CVE-2025-5258 | Conference Scheduler <= 2.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter — Conference Scheduler | 6.4 | Medium | 2025-06-24 |
| CVE-2025-43877 | Elecom WRC-1167GHBK2-S cross-site scripting vulnerability — WRC-1167GHBK2-S | 5.4 (AI) | Medium (AI) | 2025-06-24 |
| CVE-2025-47943 | Gogs stored XSS in PDF renderer — gogs | 6.3 | Medium | 2025-06-24 |
| CVE-2025-6551 | java-aodeng Hope-Boot WebController.java login cross site scripting — Hope-Boot | 3.5 | Low | 2025-06-24 |
| CVE-2025-34032 | Moodle LMS Jmol Plugin Cross-site Scripting (XSS) — Jmol Plugin | 6.1 (AI) | Medium (AI) | 2025-06-24 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21532 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.