CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-22636	WordPress VR-Frases plugin <= 4.0.1 - Reflected XSS to SQL Injection vulnerability — VR-Frases	8.2	High	2025-04-17
CVE-2025-22651	WordPress Stylish Google Sheet Reader plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability — Stylish Google Sheet Reader	7.1	High	2025-04-17
CVE-2025-22692	WordPress Sponsered Link plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability — Sponsered Link	7.1	High	2025-04-17
CVE-2025-22771	WordPress The Great Firewords of China plugin <= 1.2 - Cross Site Scripting (XSS) vulnerability — The Great Firewords of China	6.5	Medium	2025-04-17
CVE-2025-22774	WordPress CRUDLab Scroll to Top Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — CRUDLab Scroll to Top	7.1	High	2025-04-17
CVE-2025-22796	WordPress WP-Asambleas Plugin <= 2.85.0 - Reflected Cross Site Scripting (XSS) vulnerability — WP-Asambleas	7.1	High	2025-04-17
CVE-2025-39420	WordPress WP Twitter Button plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability — WP Twitter Button	7.1	High	2025-04-17
CVE-2025-39427	WordPress WP Post to PDF Enhanced plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability — WP Post to PDF Enhanced	5.9	Medium	2025-04-17
CVE-2025-39428	WordPress Gravity Forms CSS Themes with Fontawesome and Placeholders plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability — Gravity Forms CSS Themes with Fontawesome and Placeholders	5.9	Medium	2025-04-17
CVE-2025-39432	WordPress bbPress2 shortcode whitelist plugin <= 2.2.1 - CSRF to XSS vulnerability — bbPress2 shortcode whitelist	7.1	High	2025-04-17
CVE-2025-39444	WordPress MaxButtons plugin <= 9.8.3 - Cross Site Scripting (XSS) vulnerability — MaxButtons	5.9	Medium	2025-04-17
CVE-2025-39464	WordPress AdminQuickbar plugin <= 1.9.1 - Reflected Cross Site Scripting (XSS) vulnerability — AdminQuickbar	7.1	High	2025-04-17
CVE-2025-3760	Liferay Portal 跨站脚本漏洞 — Portal	5.4^AI	Medium^AI	2025-04-17
CVE-2025-3487	Forminator <= 1.42.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'limit' — Forminator Forms – Contact Form, Payment Form & Custom Form Builder	6.4	Medium	2025-04-17
CVE-2025-3615	Fluent Forms <= 6.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder	6.4	Medium	2025-04-17
CVE-2025-24909	Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — Pentaho Business Analytics Server	4.4	Medium	2025-04-16
CVE-2025-0757	Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — Pentaho Business Analytics Server	4.4	Medium	2025-04-16
CVE-2025-3733	baguetteBox.js - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-034 — baguetteBox.js	6.1^AI	Medium^AI	2025-04-16
CVE-2025-3692	SourceCodester Online Eyewear Shop Master.php cross site scripting — Online Eyewear Shop	2.4	Low	2025-04-16
CVE-2025-39514	WordPress Asgaros Forum plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability — Asgaros Forum	6.5	Medium	2025-04-16
CVE-2025-39515	WordPress Attendance Manager plugin <= 0.6.2 - Cross Site Scripting (XSS) Vulnerability — Attendance Manager	6.5	Medium	2025-04-16
CVE-2025-39516	WordPress Author WIP Progress Bar plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability — Author WIP Progress Bar	6.5	Medium	2025-04-16
CVE-2025-39520	WordPress Checkout Files Upload for WooCommerce plugin <= 2.2.0 - Cross Site Scripting (XSS) Vulnerability — Checkout Files Upload for WooCommerce	6.5	Medium	2025-04-16
CVE-2025-39528	WordPress Rescue Shortcodes plugin <= 3.1 - Cross Site Scripting (XSS) vulnerability — Rescue Shortcodes	6.5	Medium	2025-04-16
CVE-2025-39525	WordPress Logo Carousel Slider plugin <= 2.1.3 - Cross Site Scripting (XSS) Vulnerability — Logo Carousel Slider	6.5	Medium	2025-04-16
CVE-2025-39529	WordPress Scriptless Social Sharing plugin <= 3.3.0 - Cross Site Scripting (XSS) Vulnerability — Scriptless Social Sharing	6.5	Medium	2025-04-16
CVE-2025-39540	WordPress WP Flipclock plugin <= 1.9.1 - Cross Site Scripting (XSS) vulnerability — WP Flipclock	6.5	Medium	2025-04-16
CVE-2025-39543	WordPress Royal Elementor Addons plugin <= 1.3.977 - Cross Site Scripting (XSS) vulnerability — Royal Elementor Addons	6.5	Medium	2025-04-16
CVE-2025-39549	WordPress Most And Least Read Posts Widget plugin <= 2.5.20 - Cross Site Scripting (XSS) Vulnerability — Most And Least Read Posts Widget	6.5	Medium	2025-04-16
CVE-2025-39555	WordPress Church Admin plugin <= 5.0.23 - Cross Site Scripting (XSS) vulnerability — Church Admin	6.5	Medium	2025-04-16

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535