CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-5082 | WP Attachments <= 5.0.12 - Reflected Cross-Site Scripting via attachment_id Parameter — WP Attachments | 6.1 | Medium | 2025-05-28 |
| CVE-2025-30087 | Best Practical RT cross-site scripting vulnerability — RT | 7.2 | High | 2025-05-28 |
| CVE-2025-31501 | Best Practical RT cross-site scripting vulnerability — RT | 7.2 | High | 2025-05-28 |
| CVE-2025-31500 | Best Practical RT cross-site scripting vulnerability — RT | 7.2 | High | 2025-05-28 |
| CVE-2024-45094 | IBM DS8900F and DS8A00 Hardware Management Console (HMC) cross-site scripting — Hardware Management Console | 5.5 | Medium | 2025-05-27 |
| CVE-2025-5198 | Stackrox: xss in stackrox | 5.0 | Medium | 2025-05-27 |
| CVE-2025-3704 | WordPress Volunteer Sign Up Sheets plugin < 5.5.5 - Cross Site Scripting (XSS) vulnerability — Volunteer Sign Up Sheets | 5.9 | Medium | 2025-05-27 |
| CVE-2024-47090 | XSS via WYSIWYG editor — Nagvis | 6.1 (AI) | Medium (AI) | 2025-05-27 |
| CVE-2025-4682 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider and Post Carousel Widgets — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | 6.4 | Medium | 2025-05-27 |
| CVE-2025-4783 | Exclusive Addons for Elementor <= 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Timer Widget — Exclusive Addons for Elementor | 6.4 | Medium | 2025-05-26 |
| CVE-2025-40663 | Stored Cross-Site Scripting (XSS) in i2A-Cronos by i2A — Cronos | 5.4 (AI) | Medium (AI) | 2025-05-26 |
| CVE-2025-40652 | Cross-Site Scripting (XSS) in CoverManager — CoverManager | 5.4 (AI) | Medium (AI) | 2025-05-26 |
| CVE-2025-5181 | Summer Pearl Group Vacation Rental Management Platform updateListing cross site scripting — Vacation Rental Management Platform | 3.5 | Low | 2025-05-26 |
| CVE-2025-5179 | Realce Tecnologia Queue Ticket Kiosk Cadastro de Administrador Page index.php cross site scripting — Queue Ticket Kiosk | 2.4 | Low | 2025-05-26 |
| CVE-2025-5177 | Realce Tecnologia Queue Ticket Kiosk Admin Login Page index.php cross site scripting — Queue Ticket Kiosk | 4.3 | Medium | 2025-05-26 |
| CVE-2025-1985 | PEPPERL+FUCHS: Profinet Gateway LB8122A.1.EL – Device is affected by XSS vulnerability — Profinet Gateway FB8122A.1.EL | 6.1 | Medium | 2025-05-26 |
| CVE-2025-5153 | CMS Made Simple Design Manager Module cross site scripting — CMS Made Simple | 3.5 | Low | 2025-05-25 |
| CVE-2025-5138 | Bitwarden PDF File cross site scripting — Bitwarden | 3.5 | Low | 2025-05-25 |
| CVE-2025-5135 | Tmall Demo Product Details Page admin cross site scripting — Demo | 2.4 | Low | 2025-05-24 |
| CVE-2025-5134 | Tmall Demo Buy Item Page cross site scripting — Demo | 3.5 | Low | 2025-05-24 |
| CVE-2025-5133 | Tmall Demo Search Box cross site scripting — Demo | 4.3 | Medium | 2025-05-24 |
| CVE-2025-5127 | Teledyne FLIR AX8 prod.php cross site scripting — AX8 | 3.5 | Low | 2025-05-24 |
| CVE-2025-4223 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Reflected Cross-Site Scripting via login_url Parameter — Page Builder: Pagelayer – Drag and Drop website builder | 4.7 | Medium | 2025-05-24 |
| CVE-2025-5055 | Smart Forms <= 2.6.98 - Authenticated (Admin+) Stored Cross-Site Scripting — Smart Forms – when you need more than just a contact form | 4.4 | Medium | 2025-05-24 |
| CVE-2025-3869 | 4stats <= 2.0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting — 4stats | 6.1 | Medium | 2025-05-24 |
| CVE-2024-13427 | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Link — Page Builder: Pagelayer – Drag and Drop website builder | 6.4 | Medium | 2025-05-24 |
| CVE-2025-48377 | Dnn.Platform vulnerable to Reflected Cross-Site Scripting (XSS) in module actions in edit mode — Dnn.Platform | 6.1 (AI) | Medium (AI) | 2025-05-23 |
| CVE-2025-48378 | Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline — Dnn.Platform | 5.4 (AI) | Medium (AI) | 2025-05-23 |
| CVE-2025-43860 | OpemEMR Vulnerable to Stored XSS Attack in the Additional Address Section of Patient Demographics — openemr | 7.6 | High | 2025-05-23 |
| CVE-2025-32794 | OpenEMR Stored XSS via Patient Name Field in Procedure Orders — openemr | 7.6 | High | 2025-05-23 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.