CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21538

21538 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-22496	WordPress Notif Bell Plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability — Notif Bell	5.9	Medium	2025-03-27
CVE-2025-22497	WordPress Simple Google Calendar Outlook Events Block Widget plugin <= 2.5.0 - Cross Site Scripting (XSS) vulnerability — Simple Google Calendar Outlook Events Block Widget	6.5	Medium	2025-03-27
CVE-2025-22628	WordPress Filled In Plugin <= 1.9.2 - CSRF to Stored XSS vulnerability — Filled In	7.1	High	2025-03-27
CVE-2025-22638	WordPress Product Table For WooCommerce Plugin <= 1.2.3 - Cross Site Scripting (XSS) vulnerability — Product Table For WooCommerce	6.5	Medium	2025-03-27
CVE-2025-22640	WordPress Paytm Payment Donation Plugin <= 2.3.3 - Cross Site Scripting (XSS) vulnerability — Paytm Payment Donation	5.9	Medium	2025-03-27
CVE-2025-22644	WordPress Vayu Blocks – Gutenberg Blocks plugin <= 1.4.7 - Cross Site Scripting (XSS) vulnerability — Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce	6.5	Medium	2025-03-27
CVE-2025-22646	WordPress aThemes Addons for Elementor plugin <= 1.0.8 - Stored Cross Site Scripting (XSS) vulnerability — aThemes Addons for Elementor	6.5	Medium	2025-03-27
CVE-2025-22648	WordPress Blog, Posts and Category Filter for Elementor plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability — Blog, Posts and Category Filter for Elementor	6.5	Medium	2025-03-27
CVE-2025-22649	WordPress WP Project Manager plugin <= 2.6.22 - Cross Site Scripting (XSS) vulnerability — WP Project Manager	5.9	Medium	2025-03-27
CVE-2025-22659	WordPress Orbit Fox by ThemeIsle plugin <= 2.10.44 - Cross Site Scripting (XSS) vulnerability — Orbit Fox by ThemeIsle	6.5	Medium	2025-03-27
CVE-2025-22660	WordPress Include Mastodon Feed plugin <= 1.9.9 - Cross Site Scripting (XSS) vulnerability — Include Mastodon Feed	6.5	Medium	2025-03-27
CVE-2025-22816	WordPress Power Mag theme <= 1.1.5 - Cross Site Scripting (XSS) vulnerability — Power Mag	6.5	Medium	2025-03-27
CVE-2025-26731	WordPress ARPrice plugin <= 4.1.3 - Cross Site Scripting (XSS) vulnerability — ARPrice	6.5	Medium	2025-03-27
CVE-2025-26732	WordPress StoreBiz plugin <= 1.0.32 - Cross Site Scripting (XSS) vulnerability — StoreBiz	6.5	Medium	2025-03-27
CVE-2025-26734	WordPress Hester plugin <= 1.1.10 - Cross Site Scripting (XSS) vulnerability — Hester	6.5	Medium	2025-03-27
CVE-2025-26736	WordPress MorningTime Lite theme <= 1.3.2 - Stored Cross Site Scripting (XSS) vulnerability — MorningTime Lite	6.5	Medium	2025-03-27
CVE-2025-26737	WordPress City Store theme <= 1.4.5 - Cross Site Scripting (XSS) vulnerability — City Store	6.5	Medium	2025-03-27
CVE-2025-26738	WordPress Quick Interest Slider plugin <= 3.1.5 - Cross Site Scripting (XSS) vulnerability — Quick Interest Slider	6.5	Medium	2025-03-27
CVE-2025-26619	Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode `expressionInterpeter` — vega	7.1^AI	High^AI	2025-03-27
CVE-2025-0811	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab	8.7	High	2025-03-27
CVE-2025-2255	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab	8.7	High	2025-03-27
CVE-2025-31140	JetBrains TeamCity 跨站脚本漏洞 — TeamCity	4.6	Medium	2025-03-27
CVE-2025-30925	WordPress The Pack Elementor addons plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability — The Pack Elementor addons	6.5	Medium	2025-03-27
CVE-2025-30922	WordPress Simplebooklet PDF Viewer and Embedder plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability — Simplebooklet PDF Viewer and Embedder	6.5	Medium	2025-03-27
CVE-2025-30920	WordPress WP Posts Carousel plugin <= 1.3.7 - Cross Site Scripting (XSS) vulnerability — WP Posts Carousel	6.5	Medium	2025-03-27
CVE-2025-30918	WordPress Structured Content plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability — Structured Content	6.5	Medium	2025-03-27
CVE-2025-30907	WordPress SecuPress Free plugin <= 2.2.5.3 - Cross Site Scripting (XSS) vulnerability — SecuPress Free	6.5	Medium	2025-03-27
CVE-2025-30904	WordPress Chartify plugin <= 3.1.7 - Cross Site Scripting (XSS) vulnerability — Chartify	5.9	Medium	2025-03-27
CVE-2025-30903	WordPress SyntaxHighlighter Evolved plugin <= 3.7.1 - Cross Site Scripting (XSS) vulnerability — SyntaxHighlighter Evolved	6.5	Medium	2025-03-27
CVE-2025-30900	WordPress Zoho Billing – Embed Payment Form plugin <= 4.0 - Stored Cross Site Scripting (XSS) vulnerability — Zoho Billing – Embed Payment Form	6.5	Medium	2025-03-27

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21538 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21538