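CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21532

21532 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.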

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-4216 | DIOT SCADA with MQTT <= 1.0.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — DIOT SCADA with MQTT | 6.4 | Medium | 2025-06-14 |
| CVE-2025-48915 | COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-076 — COOKiES Consent Management | 6.1 (AI) | Medium (AI) | 2025-06-13 |
| CVE-2025-48914 | COOKiES Consent Management - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-075 — COOKiES Consent Management | 6.1 (AI) | Medium (AI) | 2025-06-13 |
| CVE-2025-48920 | etracker - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-074 — etracker | 6.1 (AI) | Medium (AI) | 2025-06-13 |
| CVE-2025-48919 | Simple Klaro - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-073 — Simple Klaro | 6.1 (AI) | Medium (AI) | 2025-06-13 |
| CVE-2025-48917 | EU Cookie Compliance (GDPR Compliance) - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-072 — EU Cookie Compliance (GDPR Compliance) | 6.1 (AI) | Medium (AI) | 2025-06-13 |
| CVE-2025-48918 | Simple Klaro - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-071 — Simple Klaro | 6.1 (AI) | Medium (AI) | 2025-06-13 |
| CVE-2025-6012 | Auto Attachments <= 1.8.5 - Authenticated (Administrator+) Stored Cross-Site Scripting — Auto Attachments | 5.5 | Medium | 2025-06-13 |
| CVE-2025-5923 | Game Review Block <= 4.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter — Game Review Block | 6.4 | Medium | 2025-06-13 |
| CVE-2025-5123 | Contact Us Page – Contact People <= 3.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via style Parameter — Contact Us Page – Contact People | 6.4 | Medium | 2025-06-13 |
| CVE-2025-5939 | Telegram for WP <= 1.6.1 - Authenticated (Admin+) Stored Cross-Site Scripting — Telegram for WP | 4.4 | Medium | 2025-06-13 |
| CVE-2025-4586 | IRM Newsroom <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmcalendarview' Shortcode — IRM Newsroom | 6.4 | Medium | 2025-06-13 |
| CVE-2025-5841 | ACF Onyx Poll <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter — ACF Onyx Poll | 6.4 | Medium | 2025-06-13 |
| CVE-2025-5233 | Color Palette <= 4.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via hex Parameter — Color Palette | 6.4 | Medium | 2025-06-13 |
| CVE-2025-5950 | IndieBlocks <= 0.13.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via kind Parameter — IndieBlocks | 6.4 | Medium | 2025-06-13 |
| CVE-2025-4584 | IRM Newsroom <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmeventlist' Shortcode — IRM Newsroom | 6.4 | Medium | 2025-06-13 |
| CVE-2025-4585 | IRM Newsroom <= 1.2.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'irmflat' Shortcode — IRM Newsroom | 6.4 | Medium | 2025-06-13 |
| CVE-2025-2745 | AVEVA PI Web API Cross-site Scripting — PI Web API | 6.5 | Medium | 2025-06-12 |
| CVE-2025-4417 | AVEVA PI Connector for CygNet Cross-site Scripting — PI Connector for CygNet | 5.5 | Medium | 2025-06-12 |
| CVE-2025-49576 | Citizen allows stored XSS in search no result messages — mediawiki-skins-Citizen | 6.5 | Medium | 2025-06-12 |
| CVE-2025-49578 | Citizen allows stored XSS in user registration date message — mediawiki-skins-Citizen | 6.5 | Medium | 2025-06-12 |
| CVE-2025-49579 | Citizen allows stored XSS in menu heading message — mediawiki-skins-Citizen | 6.5 | Medium | 2025-06-12 |
| CVE-2025-49575 | Citizen allows stored XSS in Command Palette tip messages — mediawiki-skins-Citizen | 6.5 | Medium | 2025-06-12 |
| CVE-2025-49577 | Citizen allows stored XSS in preference menu headings — mediawiki-skins-Citizen | 6.5 | Medium | 2025-06-12 |
| CVE-2025-49185 | Stored Cross-Site-Script — SICK Field Analytics | 5.5 | Medium | 2025-06-12 |
| CVE-2025-2254 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.7 | High | 2025-06-12 |
| CVE-2025-5301 | Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer) — Docs (DocumentServer) | 6.1 (AI) | Medium (AI) | 2025-06-12 |
| CVE-2025-32465 | Extension - rsjoomla.com - Stored XSS vulnerability in RSTickets! component 1.9.12 - 3.3.0 for Joomla — RSTickets! component for Joomla | 5.4 (AI) | Medium (AI) | 2025-06-11 |
| CVE-2025-0917 | IBM Cognos Analytics cross-site scripting — Cognos Analytics | 5.5 | Medium | 2025-06-11 |
| CVE-2025-48447 | Lightgallery - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-069 — Lightgallery | 6.1 (AI) | Medium (AI) | 2025-06-11 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) account for 21532 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.