CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-47449 | WordPress Meow Gallery plugin <= 5.2.7 - Cross Site Scripting (XSS) Vulnerability — Meow Gallery | 5.9 | Medium | 2025-05-07 |
| CVE-2025-47443 | WordPress Widget Countdown plugin <= 2.7.4 - Cross Site Scripting (XSS) Vulnerability — Widget Countdown | 6.5 | Medium | 2025-05-07 |
| CVE-2025-47442 | WordPress CC BMI Calculator plugin <= 2.1.0 - Cross Site Scripting (XSS) Vulnerability — CC BMI Calculator | 6.5 | Medium | 2025-05-07 |
| CVE-2025-47441 | WordPress Progress Bar plugin <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability — Progress Bar | 6.5 | Medium | 2025-05-07 |
| CVE-2025-39361 | WordPress Royal Elementor Addons plugin <= 1.7.1017 - Cross Site Scripting (XSS) vulnerability — Royal Elementor Addons | 6.5 | Medium | 2025-05-07 |
| CVE-2025-0667 | BOINC Server Stored XSS Injection in pm.php — BOINC Server | 5.4 (AI) | Medium (AI) | 2025-05-07 |
| CVE-2025-0666 | BOINC Server Stored XSS Injection in host_venue_action.php — BOINC Server | 5.4 (AI) | Medium (AI) | 2025-05-07 |
| CVE-2024-12120 | Royal Elementor Addons and Templates <= 1.7.1017 - Authenticated (Contributor+) Stored Cross-Site Scripting — Royal Addons for Elementor – Addons and Templates Kit for Elementor | 5.4 | Medium | 2025-05-07 |
| CVE-2025-4171 | WZ Followed Posts – Display what visitors are reading <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — WZ Followed Posts – Display what visitors are reading | 6.4 | Medium | 2025-05-07 |
| CVE-2025-4054 | Relevanssi <= 4.24.3 (Free) and <= 2.27.4 (Premium) - Unauthenticated Stored Cross-Site Scripting via Search Highlights — Relevanssi Premium | 6.1 | Medium | 2025-05-07 |
| CVE-2025-3860 | CarDealerPress <= 6.8.2505.00 - Authenticated (Contributor+) Stored Cross-Site Scripting via saleclass Parameter — CarDealerPress | 6.4 | Medium | 2025-05-07 |
| CVE-2025-4220 | Xavin's List Subpages <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Xavin's List Subpages | 6.4 | Medium | 2025-05-07 |
| CVE-2025-4055 | Multiple Post Type Order <= 1.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via mpto Shortcode — Multiple Post Type Order | 6.4 | Medium | 2025-05-07 |
| CVE-2025-4388 | Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability — Portal | 6.1 (AI) | Medium (AI) | 2025-05-06 |
| CVE-2025-23379 | Dell Storage Manager Cross-Site Scripting Vulnerability — Dell Storage Center - Dell Storage Manager | 3.5 | Low | 2025-05-06 |
| CVE-2025-3782 | Cision Block <= 4.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — Cision Block | 6.4 | Medium | 2025-05-06 |
| CVE-2025-3020 | Wiesemann & Theis: Multiple W&T Products are vulnerable to cross-site-scripting — ERP-Gateway 12x Digital Input, 6x Digital Relais | 5.4 | Medium | 2025-05-06 |
| CVE-2025-4326 | MRCMS Add Fragment Page add.do cross site scripting — MRCMS | 2.4 | Low | 2025-05-06 |
| CVE-2025-4325 | MRCMS Category Management Page add.do cross site scripting — MRCMS | 2.4 | Low | 2025-05-06 |
| CVE-2025-4324 | MRCMS External Link Management Page edit.do cross site scripting — MRCMS | 2.4 | Low | 2025-05-06 |
| CVE-2025-4323 | MRCMS Edit Article Page cross site scripting — MRCMS | 2.4 | Low | 2025-05-06 |
| CVE-2025-4293 | MRCMS Group Edit Page edit.do cross site scripting — MRCMS | 2.4 | Low | 2025-05-05 |
| CVE-2025-4292 | MRCMS Edit User Page edit.do cross site scripting — MRCMS | 2.4 | Low | 2025-05-05 |
| CVE-2025-46734 | league/commonmark Cross-site Scripting vulnerability in Attributes extension — commonmark | 6.4 | Medium | 2025-05-05 |
| CVE-2025-46719 | Open WebUI vulnerable to stored XSS via unescaped markdown token in MarkdownTokens.svelte leading to full account takeover and RCE via functions — open-webui | 8.2 (AI) | High (AI) | 2025-05-05 |
| CVE-2025-46571 | Open WebUI vulnerable to limited stored XSS via uploaded html file — open-webui | 5.4 (AI) | Medium (AI) | 2025-05-05 |
| CVE-2025-46335 | Mobile Security Framework (MobSF) Allows Stored Cross Site Scripting (XSS) via malicious SVG Icon Upload — Mobile-Security-Framework-MobSF | 5.4 (AI) | Medium (AI) | 2025-05-05 |
| CVE-2025-39363 | WordPress Custom Login and Registration <= 1.0.0 - Cross Site Scripting (XSS) Vulnerability — Custom Login and Registration | 6.5 | Medium | 2025-05-05 |
| CVE-2025-4257 | SeaCMS admin_pay.php cross site scripting — SeaCMS | 3.5 | Low | 2025-05-05 |
| CVE-2025-4256 | SeaCMS admin_paylog.php cross site scripting — SeaCMS | 3.5 | Low | 2025-05-05 |

21535 CVEs are classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.