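CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21534

21534 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.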

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-27754 | Extension - rsjoomla.com - A stored XSS vulnerability RSBlog! component 1.11.6 - 1.14.4 for Joomla — RSBlog component for Joomla | 5.4 AI | Medium AI | 2025-06-05 |
| CVE-2025-30084 | Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.26 for Joomla — RSMail! component for Joomla | 5.4 AI | Medium AI | 2025-06-05 |
| CVE-2025-5341 | Forminator <= 1.44.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via id and data-size Parameters — Forminator Forms – Contact Form, Payment Form & Custom Form Builder | 6.4 | Medium | 2025-06-05 |
| CVE-2025-5651 | code-projects Traffic Offense Reporting System saveuser.php cross site scripting — Traffic Offense Reporting System | 3.5 | Low | 2025-06-05 |
| CVE-2025-5628 | SourceCodester Food Menu Manager Add Menu index.php cross site scripting — Food Menu Manager | 3.5 | Low | 2025-06-05 |
| CVE-2025-32015 | FreshRSS vulnerable to Cross-site Scripting by embedding <script> tag inside <iframe srcdoc> — FreshRSS | 6.7 | Medium | 2025-06-04 |
| CVE-2025-31136 | FreshRSS vulnerable to Cross-site Scripting by <iframe>'ing a vulnerable same-origin page in a feed entry — FreshRSS | 6.7 | Medium | 2025-06-04 |
| CVE-2025-20279 | Cisco Unified Contact Center Express Stored Cross-Site Scripting Vulnerability — Cisco Unified Contact Center Express | 4.8 | Medium | 2025-06-04 |
| CVE-2025-20273 | Cisco Unified Intelligent Contact Management Enterprise Cross-Site Scripting vulnerability — Cisco Unified Intelligent Contact Management Enterprise | 6.1 | Medium | 2025-06-04 |
| CVE-2025-5584 | PHPGurukul Hospital Management System POST Parameter edit-patient.php cross site scripting — Hospital Management System | 2.4 | Low | 2025-06-04 |
| CVE-2025-27444 | Extension - rsjoomla.com - A reflected XSS vulnerability RSform!Pro component 3.0.0 - 3.3.13 for Joomla — RSform!Pro component for Joomla | 4.8 AI | Medium AI | 2025-06-04 |
| CVE-2025-5539 | Simplify Contact Management: WP Easy Contact <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Simple Contact Form Plugin for WordPress – WP Easy Contact | 6.4 | Medium | 2025-06-04 |
| CVE-2025-5532 | Faculty Staff and Student Directory Plugin – Campus Directory <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress | 6.4 | Medium | 2025-06-04 |
| CVE-2025-5531 | Staff Directory – Employee Directory for WordPress <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Employee Directory – Staff & Team Directory | 6.4 | Medium | 2025-06-04 |
| CVE-2025-5543 | TOTOLINK X2000R Parent Controls Page cross site scripting — X2000R | 2.4 | Low | 2025-06-03 |
| CVE-2025-5542 | TOTOLINK X2000R Virtual Server Page formPortFw cross site scripting — X2000R | 2.4 | Low | 2025-06-03 |
| CVE-2025-5523 | enilu web-flash File Upload upload fileService.upload cross site scripting — web-flash | 3.5 | Low | 2025-06-03 |
| CVE-2025-5516 | TOTOLINK X2000R URL Filtering Page formFilter cross site scripting — X2000R | 2.4 | Low | 2025-06-03 |
| CVE-2025-5513 | quequnlong shiyi-blog add cross site scripting — shiyi-blog | 3.5 | Low | 2025-06-03 |
| CVE-2025-5508 | TOTOLINK A3002RU IP Port Filtering Page cross site scripting — A3002RU | 2.4 | Low | 2025-06-03 |
| CVE-2025-5507 | TOTOLINK A3002RU MAC Filtering Page cross site scripting — A3002RU | 2.4 | Low | 2025-06-03 |
| CVE-2025-5506 | TOTOLINK A3002RU NAT Mapping Page cross site scripting — A3002RU | 2.4 | Low | 2025-06-03 |
| CVE-2025-5505 | TOTOLINK A3002RU Virtual Server Page formPortFw cross site scripting — A3002RU | 2.4 | Low | 2025-06-03 |
| CVE-2025-4671 | Profile Builder <= 3.13.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via user_meta and compare Shortcodes — User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor | 6.4 | Medium | 2025-06-03 |
| CVE-2025-4205 | Popup Maker <= 1.20.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via popupID Parameter — Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popup Builder | 6.4 | Medium | 2025-06-03 |
| CVE-2025-5340 | Music Player for Elementor <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via album_buy_url Parameter — Music Player for Elementor – Audio Player & Podcast Player | 6.4 | Medium | 2025-06-03 |
| CVE-2025-4392 | Shared Files <= 1.7.48 - Unauthenticated Stored Cross-Site Scripting via sanitize_file Function — Shared Files – Frontend File Upload Form & Secure File Sharing | 7.2 | High | 2025-06-03 |
| CVE-2025-5116 | WP Plugin Info Card <= 5.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via containerid Parameter — WP Plugin Info Card | 6.4 | Medium | 2025-06-03 |
| CVE-2025-4420 | Vayu Blocks <= 1.3.1 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via containerWidth Parameter — Vayu Blocks – Website Builder for the Block Editor | 6.4 | Medium | 2025-06-03 |
| CVE-2025-4224 | wpForo + wpForo Advanced Attachments <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting — wpForo + wpForo Advanced Attachments | 7.2 | High | 2025-06-03 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21534 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.