CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-48240	WordPress Cost of Goods for WooCommerce plugin <= 3.7.0 - Cross Site Scripting (XSS) Vulnerability — Cost of Goods for WooCommerce	6.5	Medium	2025-05-19
CVE-2025-48239	WordPress Product Notes Tab & Private Admin Notes for WooCommerce plugin <= 3.1.0 - Cross Site Scripting (XSS) Vulnerability — Product Notes Tab & Private Admin Notes for WooCommerce	6.5	Medium	2025-05-19
CVE-2025-48237	WordPress Wishlist for WooCommerce plugin <= 3.2.2 - Cross Site Scripting (XSS) Vulnerability — Wishlist for WooCommerce	6.5	Medium	2025-05-19
CVE-2025-48235	WordPress WP Image Mask plugin <= 3.1.2 - Cross Site Scripting (XSS) Vulnerability — WP Image Mask	6.5	Medium	2025-05-19
CVE-2025-48236	WordPress bunny.net plugin <= 2.3.0 - Cross Site Scripting (XSS) Vulnerability — bunny.net	8.5	High	2025-05-19
CVE-2025-48234	WordPress Ultimate Blocks plugin <= 3.3.0 - Cross Site Scripting (XSS) Vulnerability — Ultimate Blocks	6.5	Medium	2025-05-19
CVE-2025-48232	WordPress Xpro Addons For Beaver Builder – Lite plugin <= 1.5.5 - Cross Site Scripting (XSS) Vulnerability — Xpro Addons For Beaver Builder – Lite	6.5	Medium	2025-05-19
CVE-2025-32999	appleple a-blog cms 跨站脚本漏洞 — a-blog cms	5.4	Medium	2025-05-19
CVE-2025-2892	All in One SEO Pack <= 4.8.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Meta Description and Canonical URL — All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic	6.4	Medium	2025-05-19
CVE-2025-4862	PHPGurukul Directory Management System searchdata.php cross site scripting — Directory Management System	4.3	Medium	2025-05-18
CVE-2025-3715	Bold Page Builder <= 5.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-text' Parameter — Bold Page Builder	6.4	Medium	2025-05-18
CVE-2025-4860	D-Link DAP-2695 Static Pool Settings Page adv_dhcps.php cross site scripting — DAP-2695	2.4	Low	2025-05-18
CVE-2025-4859	D-Link DAP-2695 MAC Bypass Settings Page adv_macbypass.php cross site scripting — DAP-2695	2.4	Low	2025-05-18
CVE-2025-4858	D-Link DAP-2695 ARP Spoofing Prevention Page adv_arpspoofing.php cross site scripting — DAP-2695	2.4	Low	2025-05-18
CVE-2025-4852	TOTOLINK A3002R VPN Page cross site scripting — A3002R	2.4	Low	2025-05-18
CVE-2025-47931	LibreNMS stored Cross-site Scripting vulnerability in poller group name — librenms	5.4^AI	Medium^AI	2025-05-17
CVE-2025-3888	Jupiterx Core <= 4.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Inline SVG — Jupiter X Core	6.4	Medium	2025-05-17
CVE-2025-4669	Booking Calendar <= 10.11.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpbc Shortcode — Booking Calendar	6.4	Medium	2025-05-17
CVE-2025-4610	WP-Members <= 3.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpmem_user_memberships Shortcode — WP-Members Membership Plugin	6.4	Medium	2025-05-17
CVE-2025-4805	WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Acces Portal Configuration — Fireware OS	4.8^AI	Medium^AI	2025-05-16
CVE-2025-4804	WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Hotpot Configuration — Fireware OS	4.8^AI	Medium^AI	2025-05-16
CVE-2025-32180	WordPress Product Carousel For WooCommerce – WoorouSell plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability — Product Carousel For WooCommerce – WoorouSell	6.5	Medium	2025-05-16
CVE-2025-39509	WordPress TNC FlipBook plugin <= 12.1.0 - Cross Site Scripting (XSS) vulnerability — TNC FlipBook	6.5	Medium	2025-05-16
CVE-2025-39537	WordPress Better Customer List for WooCommerce Plugin <= 1.2.3 - Reflected Cross Site Scripting (XSS) vulnerability — Better Customer List for WooCommerce	7.1	High	2025-05-16
CVE-2025-46464	WordPress Ads Pro plugin <= 5.0 - Cross Site Scripting (XSS) vulnerability — Ads Pro	6.5	Medium	2025-05-16
CVE-2025-47557	WordPress MapSVG plugin <= 8.5.31 - Cross Site Scripting (XSS) vulnerability — MapSVG	6.5	Medium	2025-05-16
CVE-2025-48135	WordPress Aptivada for WP plugin <= 2.0.0 - Cross Site Scripting (XSS) Vulnerability — Aptivada for WP	6.5	Medium	2025-05-16
CVE-2025-48131	WordPress UltraAddons Elementor Lite plugin <= 2.0.2 - Cross Site Scripting (XSS) vulnerability — UltraAddons Elementor Lite	6.5	Medium	2025-05-16
CVE-2025-48132	WordPress X Addons for Elementor plugin <= 1.0.16 - Cross Site Scripting (XSS) Vulnerability — X Addons for Elementor	6.5	Medium	2025-05-16
CVE-2025-48121	WordPress WP Notes Widget plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability — WP Notes Widget	6.5	Medium	2025-05-16

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535