Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-32598 WordPress WP Table Builder plugin <= 2.0.5 - Reflected Cross Site Scripting (XSS) vulnerability — WP Table Builder 7.1 High2025-04-11
CVE-2025-32586 WordPress ABA PayWay Payment Gateway for WooCommerce Plugin <= 2.1.4 - Reflected Cross Site Scripting (XSS) vulnerability — ABA PayWay Payment Gateway for WooCommerce 7.1 High2025-04-11
CVE-2025-32551 WordPress Connector to CiviCRM with CiviMcRestFace plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability — Connector to CiviCRM with CiviMcRestFace 7.1 High2025-04-11
CVE-2025-32553 WordPress RestroPres plugin <= 3.2.8.4 - Reflected Cross Site Scripting (XSS) vulnerability — RestroPress 7.1 High2025-04-11
CVE-2025-32537 WordPress Lock Your Updates Plugin <= 1.1 - Reflected Cross Site Scripting (XSS) vulnerability — Lock Your Updates 7.1 High2025-04-11
CVE-2025-32541 WordPress WooCommerce Sales MIS Report Plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability — WooCommerce Sales MIS Report 7.1 High2025-04-11
CVE-2025-32538 WordPress Easy Post Duplicator Plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — Easy Post Duplicator 7.1 High2025-04-11
CVE-2025-32539 WordPress WooCommerce – Store Exporter plugin <= 2.7.4 - Cross Site Scripting (XSS) vulnerability — Store Exporter 7.1 High2025-04-11
CVE-2025-32536 WordPress HTML5 Video Player with Playlist Plugin <= 2.50 - Reflected Cross Site Scripting (XSS) vulnerability — HTML5 Video Player with Playlist 7.1 High2025-04-11
CVE-2025-32534 WordPress Workbox Video from Vimeo & Youtube Plugin Plugin <= 3.2.2 - Reflected Cross Site Scripting (XSS) vulnerability — Workbox Video from Vimeo & Youtube 7.1 High2025-04-11
CVE-2025-32525 WordPress Interactive Geo Maps plugin <= 1.6.24 - Reflected Cross Site Scripting (XSS) vulnerability — Interactive Geo Maps 7.1 High2025-04-11
CVE-2025-32523 WordPress WooCommerce – Payphone Gateway plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability — WooCommerce – Payphone Gateway 7.1 High2025-04-11
CVE-2025-32524 WordPress MyWorks WooCommerce Sync for QuickBooks Online plugin <= 2.9.1 - Reflected Cross Site Scripting (XSS) vulnerability — MyWorks WooCommerce Sync for QuickBooks Online 7.1 High2025-04-11
CVE-2025-32517 WordPress MultiMailer plugin <= 1.0.3 - Reflected Cross Site Scripting (XSS) vulnerability — MultiMailer 7.1 High2025-04-11
CVE-2025-31379 WordPress Insert HTML Here plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Insert HTML Here 7.1 High2025-04-11
CVE-2025-31028 WordPress WP Hide Categories plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability — WP Hide Categories 7.1 High2025-04-11
CVE-2025-31378 WordPress Oppso Unit Converter plugin <= 1.1.1 - Reflected Cross Site Scripting (XSS) vulnerability — Oppso Unit Converter 7.1 High2025-04-11
CVE-2025-31021 WordPress Mobile Smart plugin <= v1.3.16 - Reflected Cross Site Scripting (XSS) vulnerability — Mobile Smart 7.1 High2025-04-11
CVE-2025-3434 SMTP for Amazon SES – YaySMTP <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs — SMTP for Amazon SES – YaySMTP 7.2 High2025-04-11
CVE-2025-32809 W. W. Norton InQuizitive 安全漏洞 — InQuizitive 6.4 Medium2025-04-11
CVE-2025-32699 Potential javascript injection attack enabled by Unicode normalization in Action API — MediaWiki 9.1AICriticalAI2025-04-10
CVE-2025-3469 i18n XSS vulnerability in HTMLMultiSelectField when sections are used — MediaWiki 6.1AIMediumAI2025-04-10
CVE-2025-32027 Yii does not prevent XSS in scenarios where fallback error renderer is used — yii 6.1 Medium2025-04-10
CVE-2023-42007 IBM Sterling Control Center cross-site scripting — Sterling Control Center 5.4 Medium2025-04-10
CVE-2025-32391 HedgeDoc allows XSS possibility through malicious SVG uploads — hedgedoc 6.4 Medium2025-04-10
CVE-2025-30148 Silverstripe Framework has a XSS vulnerability in HTML editor — silverstripe-framework 5.4 Medium2025-04-10
CVE-2025-25197 Silverstripe Elemental enables XSS attacks in elemental "Content blocks in use" reports — silverstripe-elemental 5.4 Medium2025-04-10
CVE-2025-27350 WordPress Vice Versa plugin <= 2.2.3 - Reflected Cross Site Scripting (XSS) vulnerability — Vice Versa 7.1 High2025-04-10
CVE-2025-32214 WordPress Hive Support plugin <= 1.2.11 - Cross Site Scripting (XSS) vulnerability — Hive Support 6.5 Medium2025-04-10
CVE-2025-32199 WordPress Contact Form Builder by vcita plugin <= 4.10.2 - Cross Site Scripting (XSS) vulnerability — Contact Form Builder by vcita 6.5 Medium2025-04-10

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.