CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-39382	WordPress ACF: Google Font Selector plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability — ACF: Google Font Selector	7.1	High	2025-04-24
CVE-2025-39397	WordPress Anything Popup plugin <= 7.3 - Reflected Cross Site Scripting (XSS) vulnerability — Anything Popup	7.1	High	2025-04-24
CVE-2025-39400	WordPress User Registration plugin < 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability — User Registration	7.1	High	2025-04-24
CVE-2025-39408	WordPress BruteGuard – Brute Force Login Protection plugin <= 0.1.4 - Reflected Cross Site Scripting (XSS) vulnerability — BruteGuard – Brute Force Login Protection	7.1	High	2025-04-24
CVE-2025-46234	WordPress Control Listings plugin <= 1.0.4.1 - Reflected Cross Site Scripting (XSS) vulnerability — Control Listings	7.1	High	2025-04-24
CVE-2025-46260	WordPress Sky Addons for Elementor plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability — Sky Addons for Elementor	6.5	Medium	2025-04-24
CVE-2025-46261	WordPress Seriously Simple Podcasting plugin <= 3.9.0 - Cross Site Scripting (XSS) vulnerability — Seriously Simple Podcasting	5.9	Medium	2025-04-24
CVE-2025-3832	FuseDesk <= 6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via successredirect Parameter — FuseDesk	6.4	Medium	2025-04-24
CVE-2025-2579	Lottie Player <= 1.1.8 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload — Lottie Player – Add Interactive Lottie Animations with Block Support	6.4	Medium	2025-04-24
CVE-2025-2543	Advanced Accordion Gutenberg Block <= 5.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Advanced Accordion Gutenberg Block – Create Beautiful FAQs, Content Accordions & Interactive Tabs	6.4	Medium	2025-04-24
CVE-2025-3435	MangBoard WP <= 1.8.6 - Authenticated (Administrator+) Stored Cross-Site Scripting via Board Header And Footer — Mang Board WP	4.4	Medium	2025-04-24
CVE-2025-3902	Block Class - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-043 — Block Class	6.1	-	2025-04-23
CVE-2025-3901	Bootstrap Site Alert - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-042 — Bootstrap Site Alert	6.1	-	2025-04-23
CVE-2025-3900	Colorbox - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-041 — Colorbox	6.1	-	2025-04-23
CVE-2025-2767	Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability — NG Firewall	8.8	-	2025-04-23
CVE-2025-2703	Grafana 安全漏洞 — Grafana	6.8	Medium	2025-04-23
CVE-2025-1054	UiCore Elements – Free Elementor widgets and templates <= 1.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — UiCore Elements – Free widgets and templates for Elementor	6.4	Medium	2025-04-23
CVE-2025-32961	CUBA JPA Web API Vulnerable to Cross-Site Scripting (XSS) in the /download Endpoint — jpawebapi	6.4	Medium	2025-04-22
CVE-2025-32960	CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint — restapi	6.4	Medium	2025-04-22
CVE-2025-32951	io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API — jmix	6.4	Medium	2025-04-22
CVE-2025-23175	Tecnick - Multiple XSS (CWE-79) — TCExam	6.1	Medium	2025-04-22
CVE-2025-3458	Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id' — Ocean Extra	6.4	Medium	2025-04-22
CVE-2025-3457	Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ocean Extra	6.4	Medium	2025-04-22
CVE-2025-46254	WordPress Visual Composer Website Builder plugin <= 45.10.0 - Cross Site Scripting (XSS) vulnerability — Visual Composer Website Builder	6.5	Medium	2025-04-22
CVE-2025-46253	WordPress GutenKit plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability — GutenKit	6.5	Medium	2025-04-22
CVE-2025-46250	WordPress VForm plugin <= 3.1.14 - Cross Site Scripting (XSS) Vulnerability — VPSUForm	5.9	Medium	2025-04-22
CVE-2025-46240	WordPress Simple Download Counter plugin <= 2.2 - Cross Site Scripting (XSS) Vulnerability — Simple Download Counter	6.5	Medium	2025-04-22
CVE-2025-46239	WordPress Theme Switcha plugin <= 3.4 - Cross Site Scripting (XSS) Vulnerability — Theme Switcha	6.5	Medium	2025-04-22
CVE-2025-46238	WordPress List Last Changes plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability — List Last Changes	6.5	Medium	2025-04-22
CVE-2025-46237	WordPress Link Library plugin <= 7.8 - Cross Site Scripting (XSS) Vulnerability — Link Library	6.5	Medium	2025-04-22

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535