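CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21532

21532 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.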

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-6301 | PHPGurukul Notice Board System Add Notice manage-notices.php cross site scripting — Notice Board System | 2.4 | Low | 2025-06-20 |
| CVE-2025-6288 | PHPGurukul Bus Pass Management System Profile Page admin-profile.php cross site scripting — Bus Pass Management System | 2.4 | Low | 2025-06-20 |
| CVE-2025-6287 | PHPGurukul COVID19 Testing Management System Take Action test-details.php cross site scripting — COVID19 Testing Management System | 3.5 | Low | 2025-06-19 |
| CVE-2025-6285 | PHPGurukul COVID19 Testing Management System search-report-result.php cross site scripting — COVID19 Testing Management System | 4.3 | Medium | 2025-06-19 |
| CVE-2025-6268 | Luna Imaging search cross site scripting — Imaging | 4.3 | Medium | 2025-06-19 |
| CVE-2025-5234 | Gutenverse News <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via elementId Parameter — Gutenverse News – Advanced News Magazine Blog Gutenberg Blocks Addons | 6.4 | Medium | 2025-06-19 |
| CVE-2025-4965 | WPBakery Page Builder <= 8.4.1 - Authenticated (Author+) Stored Cross-Site Scripting via Grid Builder — WPBakery Page Builder | 6.4 | Medium | 2025-06-19 |
| CVE-2025-5490 | Football Pool <= 2.12.4 - Authenticated (Administrator+) Stored Cross-Site Scripting — Football Pool | 5.5 | Medium | 2025-06-19 |
| CVE-2025-5524 | OceanWP <= 4.0.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Select HTML Tag — OceanWP | 4.9 | Medium | 2025-06-19 |
| CVE-2025-4479 | ElementsKit Lite <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison Widget — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor | 6.4 | Medium | 2025-06-19 |
| CVE-2025-50183 | OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer — OpenList | 6.5 | Medium | 2025-06-19 |
| CVE-2025-6201 | Pixel Manager for WooCommerce (PRO) <= 1.49.0 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode — Pixel Manager for WooCommerce – Conversion Tracking, Google Ads, GA4, TikTok, Dynamic Remarketing | 6.4 | Medium | 2025-06-19 |
| CVE-2025-1349 | IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting — Sterling B2B Integrator | 5.5 | Medium | 2025-06-18 |
| CVE-2024-54183 | IBM Sterling B2B Integrator and IBM Sterling File Gateway cross-site scripting — Sterling B2B Integrator | 5.4 | Medium | 2025-06-18 |
| CVE-2025-5237 | Target Video Easy Publish <= 3.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via width Parameter — Target Video Easy Publish | 6.4 | Medium | 2025-06-18 |
| CVE-2025-49149 | Dify has XSS vulnerability — dify | 6.1 (AI) | Medium (AI) | 2025-06-17 |
| CVE-2025-48333 | WordPress eForm - WordPress Form Builder < 4.19.1 - Cross Site Scripting (XSS) Vulnerability — eForm - WordPress Form Builder | 7.1 | High | 2025-06-17 |
| CVE-2025-30988 | WordPress Elite Video Player plugin <= 10.0.5 - Cross Site Scripting (XSS) Vulnerability — Elite Video Player | 7.1 | High | 2025-06-17 |
| CVE-2025-39508 | WordPress Nasa Core Plugin <= 6.4.4 - Cross Site Scripting (XSS) vulnerability — Nasa Core | 7.1 | High | 2025-06-17 |
| CVE-2025-48145 | WordPress Track, Analyze & Optimize by WP Tao plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability — Track, Analyze & Optimize by WP Tao | 7.1 | High | 2025-06-17 |
| CVE-2025-49266 | WordPress Ultimate Reviews plugin <= 3.2.14 - Reflected Cross Site Scripting (XSS) vulnerability — Ultimate Reviews | 7.1 | High | 2025-06-17 |
| CVE-2025-49312 | WordPress Echo RSS Feed Post Generator Plugin for WordPress plugin <= 5.4.8.1 - Reflected Cross Site Scripting (XSS) vulnerability — Echo RSS Feed Post Generator Plugin for WordPress | 7.1 | High | 2025-06-17 |
| CVE-2025-49316 | WordPress WP2LEADS plugin <= 3.5.0 - Reflected Cross Site Scripting (XSS) vulnerability — WP2LEADS | 7.1 | High | 2025-06-17 |
| CVE-2025-49855 | WordPress Meks Flexible Shortcodes plugin <= 1.3.7 - Cross Site Scripting (XSS) Vulnerability — Meks Flexible Shortcodes | 6.5 | Medium | 2025-06-17 |
| CVE-2025-49859 | WordPress WP Views Counter plugin <= 2.0.3 - Cross Site Scripting (XSS) Vulnerability — WP Views Counter | 6.5 | Medium | 2025-06-17 |
| CVE-2025-49858 | WordPress Arconix Shortcodes plugin <= 2.1.17 - Cross Site Scripting (XSS) Vulnerability — Arconix Shortcodes | 6.5 | Medium | 2025-06-17 |
| CVE-2025-49861 | WordPress Kama Click Counter plugin <= 4.0.3 - Cross Site Scripting (XSS) vulnerability — Kama Click Counter | 6.5 | Medium | 2025-06-17 |
| CVE-2025-49862 | WordPress Ebook Store plugin <= 5.8008 - Cross Site Scripting (XSS) Vulnerability — Ebook Store | 5.9 | Medium | 2025-06-17 |
| CVE-2025-49863 | WordPress Advanced Sermons plugin <= 3.6 - Cross Site Scripting (XSS) Vulnerability — Advanced Sermons | 6.5 | Medium | 2025-06-17 |
| CVE-2025-49871 | WordPress Noptin plugin <= 3.8.7 - Cross Site Scripting (XSS) Vulnerability — Noptin | 5.9 | Medium | 2025-06-17 |

21532 CVEs are classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.