CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-43567 | Adobe Connect \| Cross-site Scripting (Reflected XSS) (CWE-79) — Adobe Connect | 9.3 | Critical | 2025-05-13 |
| CVE-2024-51446 | Siemens Polarion cross-site scripting vulnerability — Polarion V2310 | 6.5 | Medium | 2025-05-13 |
| CVE-2025-4647 | A user with elevated privileges can bypass sanitization measures by replacing the content of an existing SVG — web | 8.4 | High | 2025-05-13 |
| CVE-2025-43006 | Cross-Site Scripting (XSS) vulnerability in SAP Supplier Relationship Management (Master Data Management Catalog) — SAP Supplier Relationship Management (Master Data Management Catalog) | 6.1 | Medium | 2025-05-13 |
| CVE-2025-30009 | Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit) — SAP Supplier Relationship Management (Live Auction Cockpit) | 6.1 | Medium | 2025-05-13 |
| CVE-2025-26662 | Cross-Site Scripting (XSS) vulnerability in the SAP Data Services Management Console — SAP Data Services Management Console | 4.4 | Medium | 2025-05-13 |
| CVE-2025-46825 | Kanboard has stored Cross-site Scripting vulnerability in project name — kanboard | 6.1 (AI) | Medium (AI) | 2025-05-12 |
| CVE-2025-46749 | Improper Neutralization of Input — SEL Blueframe OS | 4.3 | Medium | 2025-05-12 |
| CVE-2025-47578 | WordPress BNS Twitter Follow Button plugin <= 0.3.8 - Cross Site Scripting (XSS) vulnerability — BNS Twitter Follow Button | 6.5 | Medium | 2025-05-12 |
| CVE-2025-40627 | Reflected Cross-Site Scripting (XSS) in AbanteCart — AbanteCart | 6.1 (AI) | Medium (AI) | 2025-05-12 |
| CVE-2025-40626 | Reflected Cross-Site Scripting (XSS) in AbanteCart — AbanteCart | 6.1 (AI) | Medium (AI) | 2025-05-12 |
| CVE-2025-46729 | phpDVDProfiler Cross-site Scripting vulnerability — phpDVDProfiler | 4.7 (AI) | Medium (AI) | 2025-05-12 |
| CVE-2025-41393 | Ricoh Web Image Monitor cross-site scripting vulnerability — Multiple laser printers and MFPs which implement Web Image Monitor | 6.1 (AI) | Medium (AI) | 2025-05-12 |
| CVE-2025-4551 | ContiNew Admin file cross site scripting — ContiNew Admin | 3.5 | Low | 2025-05-11 |
| CVE-2025-4547 | SourceCodester Web-based Pharmacy Product Management System Add User Page cross site scripting — Web-based Pharmacy Product Management System | 2.4 | Low | 2025-05-11 |
| CVE-2025-47828 | H5P-Nodejs-library security vulnerability — H5P-Nodejs-library | 6.4 | Medium | 2025-05-11 |
| CVE-2025-4512 | Inetum IODAS app.jsp cross site scripting — IODAS | 4.3 | Medium | 2025-05-10 |
| CVE-2025-3878 | SMS Alert Order Notifications – WooCommerce <= 3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via sa_verify Shortcode — SMS Alert – SMS & OTP for WooCommerce, Order Notifications & Abandoned Cart Recovery | 6.4 | Medium | 2025-05-10 |
| CVE-2025-2944 | Jeg Elementor Kit <= 2.6.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Button and Countdown Widgets — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | 6.4 | Medium | 2025-05-10 |
| CVE-2025-4495 | JAdmin-JAVA JAdmin save cross site scripting — JAdmin | 3.5 | Low | 2025-05-10 |
| CVE-2025-3794 | WPForms Lite <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start_timestamp' Parameter — WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More | 5.4 | Medium | 2025-05-09 |
| CVE-2025-4470 | SourceCodester Online Student Clearance System add-student.php cross site scripting — Online Student Clearance System | 2.4 | Low | 2025-05-09 |
| CVE-2025-4469 | SourceCodester Online Student Clearance System add-admin.php cross site scripting — Online Student Clearance System | 2.4 | Low | 2025-05-09 |
| CVE-2025-4461 | TOTOLINK N150RT Virtual Server Page cross site scripting — N150RT | 2.4 | Low | 2025-05-09 |
| CVE-2025-4460 | TOTOLINK N150RT URL Filtering Page cross site scripting — N150RT | 2.4 | Low | 2025-05-09 |
| CVE-2025-46812 | Trix vulnerable to Cross-site Scripting on copy & paste — trix | 6.1 (AI) | Medium (AI) | 2025-05-08 |
| CVE-2025-2806 | tagDiv Composer <= 5.3 - Reflected Cross-Site Scripting via 'data' — tagDiv Composer | 6.1 | Medium | 2025-05-08 |
| CVE-2025-3468 | NEX-Forms – Ultimate Form Builder – Contact forms and much more <= 8.9.1 - Authenticated (Custom) Stored Cross-Site Scripting — NEX-Forms – Ultimate Forms Plugin for WordPress | 6.4 | Medium | 2025-05-08 |
| CVE-2025-3862 | Contest Gallery <= 26.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | 6.4 | Medium | 2025-05-08 |
| CVE-2025-4127 | WP SEO Structured Data Schema <= 2.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin Settings — WP SEO Structured Data Schema | 6.4 | Medium | 2025-05-08 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.