CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21536

21536 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-31483	Stored XSS in Miniflux Media Proxy due to improper Content-Security-Policy configuration — v2	6.1^AI	Medium^AI	2025-04-03
CVE-2025-3157	Intelbras WRN 150 Wireless Menu cross site scripting — WRN 150	2.4	Low	2025-04-03
CVE-2025-31907	WordPress Team Builder plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability — Team Builder	7.1	High	2025-04-03
CVE-2025-31902	WordPress Social Share And Social Locker Plugin <= 1.4.1 - Reflected Cross Site Scripting (XSS) vulnerability — Social Share And Social Locker	7.1	High	2025-04-03
CVE-2025-31903	WordPress XV Random Quotes plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability — XV Random Quotes	7.1	High	2025-04-03
CVE-2025-31905	WordPress Team Rosters Plugin <= 4.7 - Reflected Cross Site Scripting (XSS) vulnerability — Team Rosters	7.1	High	2025-04-03
CVE-2025-31901	WordPress Digihood HTML Sitemap Plugin <= 3.1.1 - Reflected Cross Site Scripting (XSS) vulnerability — Digihood HTML Sitemap	7.1	High	2025-04-03
CVE-2025-31898	WordPress MediaView plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability — MediaView	7.1	High	2025-04-03
CVE-2025-31900	WordPress Lexicata plugin <= 1.0.16 - Reflected Cross Site Scripting (XSS) vulnerability — Lexicata	7.1	High	2025-04-03
CVE-2025-31899	WordPress Awesome Logos plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability — Awesome Logos	7.1	High	2025-04-03
CVE-2025-31893	WordPress Botnet Attack Blocker plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability — Botnet Attack Blocker	6.5	Medium	2025-04-03
CVE-2025-31582	WordPress Contact Form vCard Generator plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability — Contact Form vCard Generator	7.1	High	2025-04-03
CVE-2025-31622	WordPress Advanced Typekit plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability — Advanced Typekit	6.5	Medium	2025-04-03
CVE-2025-31626	WordPress Support Helpdesk Ticket System Lite plugin <= 4.5.2 - Reflected Cross Site Scripting (XSS) vulnerability — Support Helpdesk Ticket System Lite	7.1	High	2025-04-03
CVE-2025-31573	WordPress PeproDev CF7 Database plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability — PeproDev CF7 Database	7.1	High	2025-04-03
CVE-2025-31442	WordPress Search engine keywords highlighter plugin <= 0.1.3 - Reflected Cross Site Scripting (XSS) vulnerability — Search engine keywords highlighter	7.1	High	2025-04-03
CVE-2025-31536	WordPress CF7 Spreadsheets plugin <= 2.3.2 - Reflected Cross Site Scripting (XSS) vulnerability — CF7 Spreadsheets	7.1	High	2025-04-03
CVE-2025-31467	WordPress Flickr Photostream plugin <= 3.1.8 - Reflected Cross Site Scripting (XSS) vulnerability — Flickr Photostream	7.1	High	2025-04-03
CVE-2025-31468	WordPress WP_Identicon plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability — WP_Identicon	7.1	High	2025-04-03
CVE-2025-31436	WordPress Blubrry PowerPress Podcasting plugin MultiSite add-on plugin <= 0.1.1 - Reflected Cross Site Scripting (XSS) vulnerability — Blubrry PowerPress Podcasting plugin MultiSite add-on	7.1	High	2025-04-03
CVE-2025-31091	WordPress CM Header and Footer plugin <= 1.2.4 - Cross Site Scripting (XSS) Vulnerability — CM Header and Footer	6.5	Medium	2025-04-03
CVE-2025-30858	WordPress Snow Storm plugin <= 1.4.6 - Reflected Cross Site Scripting (XSS) vulnerability — Snow Storm	7.1	High	2025-04-03
CVE-2025-30616	WordPress Latest Custom Post Type Updates plugin <= 1.3.0 - Reflected Cross Site Scripting (XSS) vulnerability — Latest Custom Post Type Updates	7.1	High	2025-04-03
CVE-2025-30611	WordPress Wptobe-signinup plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability — Wptobe-signinup	7.1	High	2025-04-03
CVE-2024-9416	Modula Image Gallery <= 2.10.1 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox 5 JavaScript Library — Modula Image Gallery – Photo Grid & Video Gallery	6.4	Medium	2025-04-03
CVE-2025-2299	LuckyWP Table of Contents <= 2.1.10 - Cross-Site Request Forgery to Reflected Cross-Site Scripting — LuckyWP Table of Contents	6.1	Medium	2025-04-03
CVE-2025-3152	caipeichao ThinkOX Search search.html cross site scripting — ThinkOX	3.5	Low	2025-04-03
CVE-2025-3149	itning Student Homework Management System Edit Job Page fileupload cross site scripting — Student Homework Management System	2.4	Low	2025-04-03
CVE-2025-1663	Unlimited Elements For Elementor <= 1.5.142 - Authenticated (Contributor+) Stored Cross-Site Scripting — Unlimited Elements For Elementor	6.4	Medium	2025-04-03
CVE-2025-2874	User Submitted Posts <= 20241026 - Authenticated (Admin+) Stored Cross-Site Scripting — User Submitted Posts – Enable Users to Submit Posts from the Front End	4.4	Medium	2025-04-03

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21536 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21536