CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-5962	Reflected Cross-Site Scripting (XSS) in Authentication Endpoint of Multiple WSO2 Products Due to Missing Output Encoding — WSO2 API Manager	6.1	Medium	2025-05-22
CVE-2024-7103	Reflected Cross-Site Scripting (XSS) in WSO2 Identity Server 7.0.0 Sub-Organization Login Flow — WSO2 Identity Server	4.6	Medium	2025-05-22
CVE-2024-13958	Stored Cross Site Scripting — ASPECT-Enterprise	4.8	Medium	2025-05-22
CVE-2024-13950	Log Injection — ASPECT-Enterprise	6.8	Medium	2025-05-22
CVE-2025-48369	GroupOffice vulnerable to Stored XSS in Tasks Comment Section — groupoffice	5.4^AI	Medium^AI	2025-05-22
CVE-2025-48368	GroupOffice's DOM-Based XSS in all Date Input Fields Allows Arbitrary JavaScript Execution — groupoffice	6.1^AI	Medium^AI	2025-05-22
CVE-2025-48366	GroupOffice's Blind Stored XSS in Phone Number Field Enables Forced Redirect and Unauthorized Actions — groupoffice	5.4^AI	Medium^AI	2025-05-22
CVE-2025-4405	Hot Random Image <= 1.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via link Parameter — Hot Random Image	4.9	Medium	2025-05-22
CVE-2025-4123	Grafana 安全漏洞 — Grafana	7.6	High	2025-05-22
CVE-2025-5062	WooCommerce <= 9.4.2 - PostMessage-Based Cross-Site Scripting — WooCommerce	6.1	Medium	2025-05-22
CVE-2025-2261	TIBCO BPM Enterprise XSS Vulnerability — TIBCO BPM Enterprise	5.4^AI	Medium^AI	2025-05-21
CVE-2025-20250	Cisco Webex 跨站脚本漏洞 — Cisco Webex Meetings	6.1	Medium	2025-05-21
CVE-2025-20247	Cisco Webex 跨站脚本漏洞 — Cisco Webex Meetings	6.1	Medium	2025-05-21
CVE-2025-20246	Cisco Webex 跨站脚本漏洞 — Cisco Webex Meetings	6.1	Medium	2025-05-21
CVE-2025-4415	Piwik PRO - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-058 — Piwik PRO	6.1^AI	Medium^AI	2025-05-21
CVE-2025-1420	XSS in Proget MDM — Proget	4.8^AI	Medium^AI	2025-05-21
CVE-2025-1419	XSS in Proget MDM — Proget	4.8^AI	Medium^AI	2025-05-21
CVE-2025-4221	Animated Buttons <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Animated Buttons	6.4	Medium	2025-05-21
CVE-2025-4219	DPEPress <= 0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — DPEPress	6.4	Medium	2025-05-21
CVE-2025-3750	Network Posts Extended <= 7.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via post_height Parameter — Network Posts Extended	6.4	Medium	2025-05-21
CVE-2025-4217	WP YouTube Video Optimizer <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP YouTube Video Optimizer	6.4	Medium	2025-05-21
CVE-2025-4611	Slim SEO <= 4.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via slim_seo_breadcrumbs Shortcode — Slim SEO – A Fast & Automated SEO Plugin For WordPress	6.4	Medium	2025-05-21
CVE-2025-3781	Raisely Donation Form <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via raisely_donation_form Shortcode — Raisely Donation Form	6.4	Medium	2025-05-21
CVE-2025-5013	HkCms Search index.html cross site scripting — HkCms	4.3	Medium	2025-05-21
CVE-2025-5011	moonlightL hexo-boot Dynamic List Page index.html cross site scripting — hexo-boot	2.4	Low	2025-05-21
CVE-2025-48206	TYPO3 安全漏洞 — ns backup extension	6.1^AI	Medium^AI	2025-05-21
CVE-2025-48203	TYPO3 cs_seo 安全漏洞 — cs seo extension	6.4	Medium	2025-05-21
CVE-2025-5010	moonlightL hexo-boot Blog Backend index.html cross site scripting — hexo-boot	2.4	Low	2025-05-20
CVE-2025-5007	Part-DB Profile Picture Feature AttachmentSubmitHandler.php handleUpload cross site scripting — Part-DB	3.5	Low	2025-05-20
CVE-2025-4996	Intelbras RF 301K Add Static IP cross site scripting — RF 301K	2.4	Low	2025-05-20

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535