
CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21532

21532 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-49875 | WordPress If-So Dynamic Content Personalization plugin <= 1.9.3.1 - Cross Site Scripting (XSS) Vulnerability — If-So Dynamic Content Personalization | 6.5 | Medium | 2025-06-17 |
| CVE-2025-49878 | WordPress WPAdverts plugin <= 2.2.4 - Cross Site Scripting (XSS) Vulnerability — WPAdverts | 6.5 | Medium | 2025-06-17 |
| CVE-2025-49881 | WordPress Responsive Blocks plugin <= 2.0.5 - Cross Site Scripting (XSS) Vulnerability — Responsive Blocks | 6.5 | Medium | 2025-06-17 |
| CVE-2025-49882 | WordPress CubeWP Framework plugin <= 1.1.23 - Cross Site Scripting (XSS) Vulnerability — CubeWP | 6.5 | Medium | 2025-06-17 |
| CVE-2025-5291 | Master Slider <= 3.10.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via masterslider_pb and ms_slide Shortcodes — Master Slider – Responsive Touch Slider | 6.4 | Medium | 2025-06-17 |
| CVE-2025-5700 | Simple Logo Carousel <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — Simple Logo Carousel | 6.4 | Medium | 2025-06-17 |
| CVE-2025-6050 | Stored Cross-Site Scripting (XSS) in Mezzanine CMS Admin Interface — mezzanine | 4.8 (AI) | Medium (AI) | 2025-06-17 |
| CVE-2025-40674 | Reflected Cross-Site Scripting (XSS) in osCommerce — osCommerce | 6.1 (AI) | Medium (AI) | 2025-06-17 |
| CVE-2025-4775 | WordPress Infinite Scroll – Ajax Load More <= 7.4.0.1 - Authenticated(Contributor+) Stored Cross-Site Scripting — Ajax Load More – Infinite Scroll, Load More, & Lazy Load | 6.4 | Medium | 2025-06-17 |
| CVE-2025-3774 | Wise Chat <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header — Wise Chat | 7.2 | High | 2025-06-17 |
| CVE-2025-48993 | Group-Office vulnerable to reflected XSS via Look and Feel Formatting input — groupoffice | 6.1 (AI) | Medium (AI) | 2025-06-17 |
| CVE-2025-48992 | Group-Office vulnerable to blind XSS — groupoffice | 5.4 (AI) | Medium (AI) | 2025-06-16 |
| CVE-2025-6131 | CodeAstro Food Ordering System POST Request Parameter edit cross site scripting — Food Ordering System | 2.4 | Low | 2025-06-16 |
| CVE-2025-6127 | PHPGurukul Nipah Virus Testing Management System search-report.php cross site scripting — Nipah Virus Testing Management System | 3.5 | Low | 2025-06-16 |
| CVE-2025-6126 | PHPGurukul Rail Pass Management System contact.php cross site scripting — Rail Pass Management System | 4.3 | Medium | 2025-06-16 |
| CVE-2025-6125 | PHPGurukul Rail Pass Management System aboutus.php cross site scripting — Rail Pass Management System | 2.4 | Low | 2025-06-16 |
| CVE-2025-40729 | Reflected Cross-Site Scripting (XSS) vulnerability in Customer Support System — Customer Support System | 6.1 (AI) | Medium (AI) | 2025-06-16 |
| CVE-2025-40726 | Cross-Site Scripting (XSS) reflected in Nosto — Nosto | 6.1 (AI) | Medium (AI) | 2025-06-16 |
| CVE-2025-40727 | Reflected Cross-Site Scripting (XSS) in Phoenix CMS — Phoenix CMS | 6.1 (AI) | Medium (AI) | 2025-06-16 |
| CVE-2025-4987 | Stored Cross-site Scripting (XSS) vulnerability affecting Opportunity Management in Project Portfolio Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x — Project Portfolio Manager | 8.7 | High | 2025-06-16 |
| CVE-2025-5990 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller — Crafty Controller | 7.6 | High | 2025-06-15 |
| CVE-2025-6092 | comfyanonymous comfyui Incomplete Fix CVE-2024-10099 image cross site scripting — comfyui | 4.3 | Medium | 2025-06-15 |
| CVE-2024-25573 | Stored Cross-Site Scripting in Administrative Console Context — PingFederate | 5.4 (AI) | Medium (AI) | 2025-06-15 |
| CVE-2025-5238 | YITH WooCommerce Wishlist <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — YITH WooCommerce Wishlist | 6.4 | Medium | 2025-06-14 |
| CVE-2025-4667 | Simply Schedule Appointments <= 1.6.8.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes — Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | 6.4 | Medium | 2025-06-14 |
| CVE-2025-5337 | Slider, Gallery, and Carousel by MetaSlider <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter — Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider | 6.4 | Medium | 2025-06-14 |
| CVE-2025-6061 | kk Youtube Video <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — kk Youtube Video | 6.4 | Medium | 2025-06-14 |
| CVE-2025-5336 | Click to Chat <= 4.22 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via data-no_number Parameter — Click to Chat – HoliThemes | 6.4 | Medium | 2025-06-14 |
| CVE-2025-5589 | StreamWeasels Kick Integration <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via status-classic-offline-text Parameter — StreamWeasels Kick Integration | 6.4 | Medium | 2025-06-14 |
| CVE-2025-6040 | Easy Flashcards <= 0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Easy Flashcards | 6.1 | Medium | 2025-06-14 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21532 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.