Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-26749 WordPress Additional Custom Product Tabs for WooCommerce plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability — Additional Custom Product Tabs for WooCommerce 6.5 Medium2025-04-15
CVE-2025-26880 WordPress SKT Skill Bar plugin <= 2.3 - Cross Site Scripting (XSS) vulnerability — SKT Skill Bar 6.5 Medium2025-04-15
CVE-2025-26870 WordPress JetEngine plugin <= 3.6.4.1 - Cross Site Scripting (XSS) vulnerability — JetEngine 6.5 Medium2025-04-15
CVE-2025-26740 WordPress SpaBiz plugin <= 1.0.18 - Cross Site Scripting (XSS) vulnerability — SpaBiz 6.5 Medium2025-04-15
CVE-2025-26746 WordPress Advanced Custom Fields: Link Picker Field plugin <= 1.2.8 - Reflected Cross Site Scripting (XSS) vulnerability — Advanced Custom Fields: Link Picker Field 7.1 High2025-04-15
CVE-2025-22268 WordPress Uncanny Toolkit for LearnDash plugin <= 3.7.0.1 - Cross Site Scripting (XSS) vulnerability — Uncanny Toolkit for LearnDash 6.5 Medium2025-04-15
CVE-2025-22269 WordPress Real Testimonials plugin <= 3.1.6 - Cross Site Scripting (XSS) vulnerability — Real Testimonials 6.5 Medium2025-04-15
CVE-2025-22263 WordPress Global Gallery plugin <= 8.8.0 - Reflected Cross Site Scripting (XSS) vulnerability — Global Gallery 7.1 High2025-04-15
CVE-2025-24297 Growatt Cloud portal Cross-site Scripting — Cloud portal 9.8 Critical2025-04-15
CVE-2025-30511 Growatt Cloud Applications Cross-site Scripting — Cloud portal 8.8 High2025-04-15
CVE-2024-42200 HCL BigFix Web Reports is potentially susceptible to a Stored Cross-Site Scripting (XSS) attack — HCL BigFix Platform 5.4AIMediumAI2025-04-15
CVE-2025-31011 WordPress SimplyRETS Real Estate IDX plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability — SimplyRETS Real Estate IDX 7.1 High2025-04-15
CVE-2025-26982 WordPress DSGVO Youtube plugin <= 1.5.1 - Cross Site Scripting (XSS) vulnerability — DSGVO Youtube 6.5 Medium2025-04-15
CVE-2025-30962 WordPress FS Poster plugin <= 6.5.8 - Reflected Cross Site Scripting (XSS) vulnerability — FS Poster 7.1 High2025-04-15
CVE-2025-26954 WordPress ZooEffect plugin <= 1.11 - Reflected Cross Site Scripting (XSS) vulnerability — ZooEffect 7.1 High2025-04-15
CVE-2025-26744 WordPress JetBlog plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability — JetBlog 6.5 Medium2025-04-15
CVE-2025-26743 WordPress Advance WP Query Search Filter plugin <= 1.0.10 - Reflected Cross Site Scripting (XSS) vulnerability — Advance WP Query Search Filter 7.1 High2025-04-15
CVE-2025-26745 WordPress RS Elements Elementor Addon plugin <= 1.1.5 - Stored Cross Site Scripting (XSS) vulnerability — RS Elements Elementor Addon 6.5 Medium2025-04-15
CVE-2025-26992 WordPress Landing Page Cat plugin <= 1.7.8 - Reflected Cross Site Scripting (XSS) vulnerability — Landing Page Cat 7.1 High2025-04-15
CVE-2025-2083 Logo Carousel Gutenberg Block <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sliderId Parameter — Awesome Logo Carousel Block 6.4 Medium2025-04-15
CVE-2024-45712 SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability — Serv-U 2.6 Low2025-04-15
CVE-2025-2225 Responsive Addons for Elementor – Free Elementor Addons Plugin and Elementor Templates <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'rael_title_tag' — Responsive Addons for Elementor – Free Elementor Addons, Kits and Elementor Templates 6.4 Medium2025-04-15
CVE-2025-3573 jquery-validation 安全漏洞 — jquery-validation 6.1 Medium2025-04-15
CVE-2025-3613 Demtec Graphytics visualization cross site scripting — Graphytics 3.5 Low2025-04-15
CVE-2025-3612 Demtec Graphytics HTTP GET Parameter visualization cross site scripting — Graphytics 4.3 Medium2025-04-15
CVE-2025-3592 ZHENFENG13/code-projects My-Blog-layui edit cross site scripting — My-Blog-layui 3.5 Low2025-04-14
CVE-2025-3591 ZHENFENG13/code-projects My-Blog-layui edit cross site scripting — My-Blog-layui 3.5 Low2025-04-14
CVE-2022-43850 IBM Aspera Console cross-site scripting — Aspera Console 5.4 Medium2025-04-14
CVE-2025-22373 XSS, HTML and Style injection on login page — BASEC 6.1AIMediumAI2025-04-14
CVE-2025-3570 JamesZBL/code-projects db-hospital-drug ContentController.java save cross site scripting — db-hospital-drug 3.5 Low2025-04-14

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.