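CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.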

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-4985 | Stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x — Project Portfolio Manager | 8.7 | High | 2025-05-30 |
| CVE-2025-4986 | Stored Cross-site Scripting (XSS) vulnerability affecting Model Definition in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x — Product Manager | 8.7 | High | 2025-05-30 |
| CVE-2025-4988 | Stored Cross-site Scripting (XSS) vulnerability affecting Results Analytics in Multidisciplinary Optimization Engineer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x — Multidisciplinary Optimization Engineer | 8.7 | High | 2025-05-30 |
| CVE-2025-4989 | Stored Cross-site Scripting (XSS) vulnerability affecting Requirements in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x — Product Manager | 8.7 | High | 2025-05-30 |
| CVE-2025-4990 | Stored Cross-site Scripting (XSS) vulnerability affecting Change Governance in Product Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x — Product Manager | 8.7 | High | 2025-05-30 |
| CVE-2025-4991 | Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x — Collaborative Industry Innovator | 8.7 | High | 2025-05-30 |
| CVE-2025-4992 | Stored Cross-site Scripting (XSS) vulnerability affecting Service Items Management in Service Process Engineer from Release 3DEXPERIENCE R2024x through Release 3DEXPERIENCE R2025x — Service Process Engineer | 8.7 | High | 2025-05-30 |
| CVE-2025-4944 | LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Compare and Google Maps Widgets — LA-Studio Element Kit for Elementor | 6.4 | Medium | 2025-05-30 |
| CVE-2025-1763 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.7 | High | 2025-05-30 |
| CVE-2025-5235 | OpenSheetMusicDisplay <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via className Parameter — OpenSheetMusicDisplay | 6.4 | Medium | 2025-05-30 |
| CVE-2025-5236 | NinjaTeam Chat for Telegram <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via username Parameter — WP Telegram Chat Widget | 6.4 | Medium | 2025-05-30 |
| CVE-2025-4943 | LA-Studio Element Kit for Elementor <= 1.5.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via data-lakit-element-link Parameter — LA-Studio Element Kit for Elementor | 6.4 | Medium | 2025-05-30 |
| CVE-2025-41406 | Uchida Yoko wivia cross-site scripting vulnerability — wivia 5 | 5.4 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48488 | FreeScout Vulnerable to Stored XSS — freescout | 5.4 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48875 | FreeScout Vulnerable to Stored XSS — freescout | 5.4 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48489 | FreeScout Vulnerable to Stored XSS — freescout | 5.4 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48487 | FreeScout Vulnerable to Stored XSS — freescout | 5.4 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48486 | FreeScout Vulnerable to Stored XSS — freescout | 5.4 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48485 | FreeScout Vulnerable to Stored XSS — freescout | 5.4 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-5259 | Minimal Share Buttons <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter — Minimal Share Buttons | 6.4 | Medium | 2025-05-30 |
| CVE-2025-48484 | FreeScout Vulnerable to Stored XSS — freescout | 5.4 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-48483 | FreeScout Stored XSS leads to CSRF — freescout | 6.1 (AI) | Medium (AI) | 2025-05-30 |
| CVE-2025-47933 | Argo CD allows cross-site scripting on repositories page — argo-cd | 9.1 | Critical | 2025-05-29 |
| CVE-2025-5286 | Bold Builder <= 5.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via additional_settings Parameter — Bold Page Builder | 6.4 | Medium | 2025-05-29 |
| CVE-2025-4670 | Easy Digital Downloads <= 3.3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via edd_receipt Shortcode — Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 6.4 | Medium | 2025-05-29 |
| CVE-2025-5122 | Map Block Leaflet <= 3.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter — Map Block Leaflet | 6.4 | Medium | 2025-05-29 |
| CVE-2025-4583 | Smash Balloon Instagram Feed <= 6.9.0 (Free) & <= 6.8.0 (Pro) - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-plugin` Attribute — Smash Balloon Instagram Feed Pro | 5.4 | Medium | 2025-05-29 |
| CVE-2025-1461 | Vuetify XSS through 'eventMoreText' prop of VCalendar — Vuetify | 5.6 | Medium | 2025-05-28 |
| CVE-2025-40651 | Reflected Cross Site Scripting (XSS) in Real Easy Store — Real Easy Store | 6.1 (AI) | Medium (AI) | 2025-05-28 |
| CVE-2025-4963 | WP Extended <= 3.0.15 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — The Ultimate WordPress Toolkit – WP Extended | 6.4 | Medium | 2025-05-28 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.