
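CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.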

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-41753 | IBM Cloud Pak for Business Automation cross-site scripting | Cloud Pak for Business Automation | 6.1 | Medium | 2025-05-03 |
| CVE-2025-3815 | SurveyJS <= 1.12.32 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | SurveyJS: Drag & Drop Form Builder | 6.4 | Medium | 2025-05-03 |
| CVE-2025-3779 | Personizely <= 0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via widgetId Parameter | Personizely — A/B Testing, Personalization, Popups & CRO | 6.4 | Medium | 2025-05-03 |
| CVE-2025-4170 | Xavin's Review Ratings <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting | Xavin's Review Ratings | 6.4 | Medium | 2025-05-03 |
| CVE-2025-4172 | VerticalResponse Newsletter Widget <= 1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting | VerticalResponse Newsletter Widget | 6.4 | Medium | 2025-05-03 |
| CVE-2025-2488 | XSS in Profelis Informatics' SambaBox | SambaBox | 6.1 | Medium | 2025-05-02 |
| CVE-2025-1301 | Reflected XSS in Yordam Informatics' Library Automation System | Library Automation System | 6.1 | Medium | 2025-05-02 |
| CVE-2024-13859 | BuddyBoss Platform <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bp_nouveau_ajax_media_save' function | BuddyBoss Platform | 6.4 | Medium | 2025-05-02 |
| CVE-2024-13860 | BuddyBoss Platform <= 2.8.50 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'bbp_topic_title' | BuddyBoss Platform | 6.4 | Medium | 2025-05-02 |
| CVE-2024-13858 | BuddyBoss Platform and BuddyBoss Theme <= Multiple Versions - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'invitee_name' | BuddyBoss Theme | 6.4 | Medium | 2025-05-02 |
| CVE-2025-3488 | WPML Multilingual CMS 3.6.0 - 4.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpml_language_switcher Shortcode | WPML | 6.4 | Medium | 2025-05-02 |
| CVE-2025-3858 | Formality <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via align Parameter | Formality | 6.4 | Medium | 2025-05-02 |
| CVE-2025-3748 | Taxonomy Chain Menu <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via pn_chain_menu Shortcode | Taxonomy Chain Menu | 6.4 | Medium | 2025-05-02 |
| CVE-2025-3510 | tagDiv Composer <= 5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes | tagDiv Composer | 6.4 | Medium | 2025-05-02 |
| CVE-2025-3670 | KiwiChat NextClient <= 6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via url Parameter | KiwiChat NextClient | 6.4 | Medium | 2025-05-02 |
| CVE-2025-4131 | GmapsMania <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | GmapsMania | 6.4 | Medium | 2025-05-02 |
| CVE-2025-47201 | Intrexx Portal Server security vulnerability | Portal Server | 4.4 | Medium | 2025-05-02 |
| CVE-2025-3890 | WordPress Simple PayPal Shopping Cart <= 5.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Simple Shopping Cart | 6.4 | Medium | 2025-05-01 |
| CVE-2025-1529 | AM LottiePlayer <= 3.5.3 - Authenticated (Author+) Stored Cross-Site Scripting via Uploaded Lottie File | AM LottiePlayer | 6.4 | Medium | 2025-05-01 |
| CVE-2025-4100 | Nautic Pages <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | Nautic Pages | 6.4 | Medium | 2025-05-01 |
| CVE-2025-4099 | List Children <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | List Children | 6.4 | Medium | 2025-05-01 |
| CVE-2024-30145 | HCL Domino Volt and Domino Leap are affected by a cross-site scripting (XSS) vulnerability | HCL Domino Leap | 6.5 | Medium | 2025-04-30 |
| CVE-2024-30115 | HCL Domino Volt and Domino Leap are affected by a cross-site scripting (XSS) vulnerability | HCL Domino Leap | 6.3 | Medium | 2025-04-30 |
| CVE-2023-37535 | HCL Domino Volt and Domino Leap are affected by a Cross-site scripting (XSS) vulnerability | HCL Domino Leap | 7.1 | High | 2025-04-30 |
| CVE-2022-42450 | HCL Domino Volt is affected by Cross-site scripting (XSS) | HCL Domino Volt | 4.6 | Medium | 2025-04-30 |
| CVE-2025-46558 | org.xwiki.contrib.markdown:syntax-markdown-commonmark12 vulnerable to XSS via Markdown content | syntax-markdown | 9.1 | Critical | 2025-04-30 |
| CVE-2025-46550 | Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting | yeswiki | 4.3 | Medium | 2025-04-29 |
| CVE-2025-46549 | Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting | yeswiki | 4.3 | Medium | 2025-04-29 |
| CVE-2025-4075 | VMSMan login.php cross site scripting | VMSMan | 4.3 | Medium | 2025-04-29 |
| CVE-2025-46350 | Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting | yeswiki | 3.5 | Low | 2025-04-29 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.