Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-3643 Moodle: reflected xss risk in policy tool 5.4 Medium2025-04-25
CVE-2025-46618 JetBrains TeamCity 跨站脚本漏洞 — TeamCity 3.5 Low2025-04-25
CVE-2025-2986 IBM Maximo Asset Management cross-site scripting — Maximo Asset Management 5.5 Medium2025-04-25
CVE-2025-3870 1 Decembrie 1918 <= 1.dec.2012 - Cross-Site Request Forgery to Stored Cross-Site Scripting — 1 Decembrie 1918 6.1 Medium2025-04-25
CVE-2025-46482 WordPress WP Quiz plugin <= 2.0.10 - Cross Site Scripting (XSS) vulnerability — WP Quiz 6.5 Medium2025-04-25
CVE-2025-3868 Custom Admin-Bar Favorites <= 0.1 - Reflected Cross-Site Scripting — Custom Admin-Bar Favorites 6.1 Medium2025-04-25
CVE-2025-3867 Ajax Comment Form CST <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Ajax Comment Form CST 6.1 Medium2025-04-25
CVE-2025-3866 Add Google +1 (Plus one) social share Button <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Add Google +1 (Plus one) social share Button 6.1 Medium2025-04-25
CVE-2025-2580 Contact Form by Bit Form <= 2.18.3 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Bit Form – Custom Contact Form, Multi Step, Conversational Form & Payment Form builder 4.9 Medium2025-04-25
CVE-2025-3752 Able Player, accessible HTML5 media player <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via preload Parameter — Able Player, accessible HTML5 media player 6.4 Medium2025-04-25
CVE-2025-46595 Backdrop CMS 跨站脚本漏洞 — Flag 6.4 Medium2025-04-25
CVE-2025-46545 Sherpa Orchestrator 跨站脚本漏洞 — Orchestrator 4.4 Medium2025-04-25
CVE-2025-1294 eForm <= 4.18.0 - Unauthenticated Stored Cross-Site Scripting — eForm - WordPress Form Builder 7.2 High2025-04-24
CVE-2025-3749 Breeze Display <= 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via cal_size Parameter — Breeze Display 6.4 Medium2025-04-24
CVE-2025-43861 ManageWiki Vulnerable to Self-XSS in review dialog via unsanitized field reflection — ManageWiki 4.4 Medium2025-04-24
CVE-2022-44759 HCL Leap is affected by Cross-site scripting (XSS) — HCL Leap 4.6 Medium2025-04-24
CVE-2023-37534 HCL Leap is affected by a Cross-site scripting (XSS) vulnerability — HCL Leap 7.1 High2025-04-24
CVE-2024-30113 HCL Leap is affected by a cross-site scripting (XSS) vulnerability — HCL Leap 6.3 Medium2025-04-24
CVE-2024-30114 HCL Leap is affected by a cross-site scripting (XSS) vulnerability — HCL Leap 3.7 Low2025-04-24
CVE-2024-30147 HCL Leap is affected by a cross-site scripting (XSS) vulnerability — HCL Leap 6.5 Medium2025-04-24
CVE-2025-46523 WordPress COVID-19 (Coronavirus) Update Your Customers plugin <= 1.5.1 - Cross Site Scripting (XSS) Vulnerability — COVID-19 (Coronavirus) Update Your Customers 5.9 Medium2025-04-24
CVE-2025-46447 WordPress Fable Extra plugin <= 1.0.6 - Cross Site Scripting (XSS) Vulnerability — Fable Extra 6.5 Medium2025-04-24
CVE-2025-46477 WordPress WP Customize Login Page plugin <= 1.6.5 - Cross Site Scripting (XSS) Vulnerability — WP Customize Login Page 5.9 Medium2025-04-24
CVE-2025-46459 WordPress Confirm User Registration plugin <= 2.1.5 - Cross Site Scripting (XSS) Vulnerability — Confirm User Registration 5.9 Medium2025-04-24
CVE-2025-46469 WordPress Send From plugin <= 2.2 - Cross Site Scripting (XSS) Vulnerability — Send From 5.9 Medium2025-04-24
CVE-2025-46451 WordPress Floating Social Bar plugin <= 1.1.7 - Cross Site Scripting (XSS) Vulnerability — Floating Social Bar 5.9 Medium2025-04-24
CVE-2025-46541 WordPress WP-reCAPTCHA-bp plugin <= 4.1 - Cross Site Scripting (XSS) Vulnerability — WP-reCAPTCHA-bp 5.9 Medium2025-04-24
CVE-2025-46529 WordPress Business Contact Widget plugin <= 2.7.0 - Cross Site Scripting (XSS) Vulnerability — Business Contact Widget 5.9 Medium2025-04-24
CVE-2025-46533 WordPress Landing pages and Domain aliases for WordPress plugin <= 0.8 - Cross Site Scripting (XSS) Vulnerability — Landing pages and Domain aliases for WordPress 5.9 Medium2025-04-24
CVE-2025-46525 WordPress WP Cookie Consent plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability — WP Cookie Consent 5.9 Medium2025-04-24

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.