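CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21536

21536 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.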

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-3100 | WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts <= 2.6.22 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload — Project Manager – AI Powered Project Management, Task Management, Kanban Board & Time Tracker | 6.4 | Medium | 2025-04-09 |
| CVE-2025-30292 | ColdFusion \| Cross-site Scripting (Reflected XSS) (CWE-79) — ColdFusion | 6.1 | Medium | 2025-04-08 |
| CVE-2025-27205 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager | 5.4 | Medium | 2025-04-08 |
| CVE-2025-32117 | WordPress Widgetize Pages Light plugin <= 3.0 - Reflected Cross Site Scripting (XSS) vulnerability — Widgetize Pages Light | 7.1 | High | 2025-04-08 |
| CVE-2025-32211 | WordPress Broadstreet plugin <= 1.52.1 - Cross Site Scripting (XSS) vulnerability — Broadstreet Ads | 6.5 | Medium | 2025-04-08 |
| CVE-2025-22466 | Ivanti Endpoint Manager Cross-Site Scripting Vulnerability — Endpoint Manager | 8.2 | High | 2025-04-08 |
| CVE-2025-22465 | Ivanti Endpoint Manager Cross-Site Scripting Vulnerability — Endpoint Manager | 6.1 | Medium | 2025-04-08 |
| CVE-2025-22855 | Fortinet FortiClient Cross-Site Scripting Vulnerability — FortiClientEMS | 2.6 | Low | 2025-04-08 |
| CVE-2025-30166 | Pimcore's Admin Classic Bundle allows HTML Injection — admin-ui-classic-bundle | 5.4 (AI) | Medium (AI) | 2025-04-08 |
| CVE-2025-2808 | Motors – Car Dealership & Classified Listings Plugin <= 1.4.63 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Motors – Car Dealership & Classified Listings Plugin | 5.4 | Medium | 2025-04-08 |
| CVE-2025-3432 | AAWEP Obfuscator <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting — AAWP Obfuscator | 6.4 | Medium | 2025-04-08 |
| CVE-2025-26653 | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) — SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) | 4.7 | Medium | 2025-04-08 |
| CVE-2025-3397 | YzmCMS message.tpl cross site scripting — YzmCMS | 4.3 | Medium | 2025-04-08 |
| CVE-2025-3393 | mrcen springboot-ucan-admin Personal Settings Interface index cross site scripting — springboot-ucan-admin | 3.5 | Low | 2025-04-08 |
| CVE-2025-3392 | hailey888 oa_system Backend MailController.java save cross site scripting — oa_system | 3.5 | Low | 2025-04-08 |
| CVE-2025-3391 | hailey888 oa_system Backend AddrController.java outAddress cross site scripting — oa_system | 3.5 | Low | 2025-04-08 |
| CVE-2025-3390 | hailey888 oa_system Backend DaymanageController.java addandchangeday cross site scripting — oa_system | 3.5 | Low | 2025-04-08 |
| CVE-2025-32413 | Vulnerability-Lookup Cross-Site Scripting Vulnerability — Vulnerability-Lookup | 6.4 | Medium | 2025-04-08 |
| CVE-2025-3389 | hailey888 oa_system Backend InformManageController.java testMess cross site scripting — oa_system | 3.5 | Low | 2025-04-07 |
| CVE-2025-3388 | hailey888 oa_system Frontend LoginsController.java loginCheck cross site scripting — oa_system | 4.3 | Medium | 2025-04-07 |
| CVE-2025-3387 | renrenio renren-security JSON cross site scripting — renren-security | 3.5 | Low | 2025-04-07 |
| CVE-2025-3386 | LinZhaoguan pb-cms Friendship Link admin#links cross site scripting — pb-cms | 2.4 | Low | 2025-04-07 |
| CVE-2025-3385 | LinZhaoguan pb-cms Classification Management Page cross site scripting — pb-cms | 2.4 | Low | 2025-04-07 |
| CVE-2025-31476 | tarteaucitron.js allows url scheme injection via unfiltered inputs — tarteaucitron.js | 4.8 | Medium | 2025-04-07 |
| CVE-2025-3327 | iteaj iboot IoT Gateway File Upload batch cross site scripting — iboot IoT Gateway | 3.5 | Low | 2025-04-07 |
| CVE-2025-3326 | iteaj iboot IoT Gateway File Upload upload cross site scripting — iboot IoT Gateway | 3.5 | Low | 2025-04-06 |
| CVE-2025-32369 | Kentico Xperience Security Vulnerability — Xperience | 6.4 | Medium | 2025-04-06 |
| CVE-2025-3297 | SourceCodester Online Eyewear Shop Master.php cross site scripting — Online Eyewear Shop | 3.5 | Low | 2025-04-05 |
| CVE-2025-0839 | ZoomSounds <= 6.91 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — ZoomSounds - WordPress Wave Audio Player with Playlist | 6.4 | Medium | 2025-04-05 |
| CVE-2025-2544 | AI Content Pipelines <= 1.6 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — AI Content Pipelines: Content Engine + Analytics | 6.4 | Medium | 2025-04-05 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21536 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.