CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-4224 | wpForo + wpForo Advanced Attachments <= 3.1.3 - Unauthenticated Stored Cross-Site Scripting — wpForo + wpForo Advanced Attachments | 7.2 | High | 2025-06-03 |
| CVE-2025-3919 | WordPress Comments Import & Export <= 2.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting — Comments Import & Export | 6.4 | Medium | 2025-06-02 |
| CVE-2025-20297 | Reflected Cross-Site Scripting (XSS) on Splunk Enterprise through dashboard PDF generation component — Splunk Enterprise | 4.3 | Medium | 2025-06-02 |
| CVE-2024-8008 | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation — WSO2 Enterprise Integrator | 5.2 | Medium | 2025-06-02 |
| CVE-2024-3509 | Stored Cross-Site Scripting (XSS) in Management Console of Multiple WSO2 Products via Rich Text Editor — WSO2 Enterprise Integrator | 4.3 | Medium | 2025-06-02 |
| CVE-2025-48958 | Froxlor has an HTML Injection Vulnerability — Froxlor | 5.5 | Medium | 2025-06-02 |
| CVE-2025-48495 | Gokapi has stored XSS vulnerability in friendly name for API keys — Gokapi | 4.6 AI | Medium AI | 2025-06-02 |
| CVE-2025-48494 | Gokapi vulnerable to stored XSS via uploading file with malicious file name — Gokapi | 5.4 AI | Medium AI | 2025-06-02 |
| CVE-2025-5420 | juzaweb CMS Profile Page upload cross site scripting — CMS | 3.5 | Low | 2025-06-02 |
| CVE-2024-57783 | Dot cross-site scripting vulnerability — Dot | 8.1 | High | 2025-06-02 |
| CVE-2025-5412 | Mist Community Edition Authentication Endpoint views.py login cross site scripting — Community Edition | 3.5 | Low | 2025-06-01 |
| CVE-2025-5411 | Mist Community Edition views.py tag_resources cross site scripting — Community Edition | 3.5 | Low | 2025-06-01 |
| CVE-2025-5407 | chaitak-gorai Blogbook register_script.php cross site scripting — Blogbook | 2.4 | Low | 2025-06-01 |
| CVE-2025-5405 | chaitak-gorai Blogbook post.php cross site scripting — Blogbook | 3.5 | Low | 2025-06-01 |
| CVE-2025-2896 | IBM Planning Analytics Local cross-site scripting — Planning Analytics Local | 4.8 | Medium | 2025-06-01 |
| CVE-2025-25044 | IBM Planning Analytics Local cross-site scripting — Planning Analytics Local | 5.4 | Medium | 2025-06-01 |
| CVE-2025-5383 | Yifang CMS Article Management Module cross site scripting — CMS | 2.4 | Low | 2025-05-31 |
| CVE-2025-5378 | Astun Technology iShare Maps mycouncil2.aspx cross site scripting — iShare Maps | 4.3 | Medium | 2025-05-31 |
| CVE-2025-5377 | Astun Technology iShare Maps historic1.asp cross site scripting — iShare Maps | 4.3 | Medium | 2025-05-31 |
| CVE-2025-3813 | Royal Elementor Addons and Templates <= 1.7.1020 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for Elementor | 6.4 | Medium | 2025-05-31 |
| CVE-2025-5290 | Borderless – Elementor Addons and Templates <= 1.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Borderless – Addons and Templates for Elementor | 6.4 | Medium | 2025-05-31 |
| CVE-2025-4595 | FastSpring <= 3.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — FastSpring | 6.4 | Medium | 2025-05-31 |
| CVE-2025-5285 | Product Subtitle for WooCommerce <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via htmlTag Parameter — Product Subtitle for WooCommerce | 6.4 | Medium | 2025-05-31 |
| CVE-2025-5292 | Element Pack Addons for Elementor – Best Elementor addons with Ready Templates, Blocks, Widgets and WooCommerce Builder <= 5.11.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Element Pack – Widgets, Templates & Addons for Elementor | 6.4 | Medium | 2025-05-31 |
| CVE-2025-4590 | Daisycon prijsvergelijkers <= 4.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Daisycon prijsvergelijkers | 6.4 | Medium | 2025-05-31 |
| CVE-2025-5016 | Relevanssi <= 4.24.5 (Free) and <= 2.27.6 (Premium) - Unauthenticated Stored Cross-Site Scripting via Excerpt Highlights — Relevanssi Premium | 4.7 | Medium | 2025-05-31 |
| CVE-2025-48883 | Chrome PHP is missing encoding in `CssSelector` — chrome | 6.1 AI | Medium AI | 2025-05-30 |
| CVE-2025-0602 | Stored Cross-site Scripting (XSS) vulnerability affecting Compare in Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x — Collaborative Industry Innovator | 8.7 | High | 2025-05-30 |
| CVE-2025-4983 | Stored Cross-site Scripting (XSS) vulnerability affecting City Referential in City Referential Manager on Release 3DEXPERIENCE R2025x — City Referential Manager | 8.7 | High | 2025-05-30 |
| CVE-2025-4984 | Stored Cross-site Scripting (XSS) vulnerability affecting City Discover in City Referential Manager on Release 3DEXPERIENCE R2025x — City Referential Manager | 8.7 | High | 2025-05-30 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.