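CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21546

21546 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.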

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-30219 | RabbitMQ has XSS Vulnerability in an Error Message in Management UI — rabbitmq-server | 6.1 | Medium | 2025-03-25 |
| CVE-2025-26742 | WordPress Gallery for Social Photo plugin <= 1.0.0.35 - Cross Site Scripting (XSS) vulnerability — Gallery for Social Photo | 6.5 | Medium | 2025-03-25 |
| CVE-2025-27633 | Hitachi Energy TRMTracker cross-site scripting vulnerability — TRMTracker | 6.1 | Medium | 2025-03-25 |
| CVE-2024-53679 | Apache VCL: XSS vulnerability in User Lookup impacting user privileges — Apache VCL | 5.4 AI | Medium AI | 2025-03-25 |
| CVE-2025-2635 | Digital License Manager <= 1.7.3 - Reflected Cross-Site Scripting via remove_query_arg Function — Digital License Manager | 6.1 | Medium | 2025-03-25 |
| CVE-2025-2542 | Your Simple SVG Support <= 1.0.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Your Simple SVG Support | 6.4 | Medium | 2025-03-25 |
| CVE-2024-13731 | Alert Box Block – Display notice/alerts in the front end <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Alert Box Block — Alert Box Block – Display Custom Alerts and Messages | 6.4 | Medium | 2025-03-25 |
| CVE-2024-13690 | WP Church Donation <= 1.7 - Unauthenticated Stored Cross-Site Scripting — WP Church Donation | 7.2 | High | 2025-03-25 |
| CVE-2025-2510 | Frndzk Expandable Bottom Bar <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via text Parameter — Frndzk Expandable Bottom Bar | 5.5 | Medium | 2025-03-25 |
| CVE-2024-12623 | DICOM Support <= 0.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — DICOM Support | 6.4 | Medium | 2025-03-25 |
| CVE-2025-0845 | DesignThemes Core Features <= 4.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — DesignThemes Core Features | 6.4 | Medium | 2025-03-25 |
| CVE-2024-10208 | Cross Site Scripting vulnerability in APROL Web Portal — APROL | 5.4 AI | Medium AI | 2025-03-25 |
| CVE-2025-2715 | timschofield webERP Confirm Dispatch and Invoice Page ConfirmDispatch_Invoice.php cross site scripting — webERP | 3.5 | Low | 2025-03-24 |
| CVE-2025-2714 | JoomlaUX JUX Real Estate addagent cross site scripting — JUX Real Estate | 4.3 | Medium | 2025-03-24 |
| CVE-2025-2712 | Yonyou UFIDA ERP-NC top.jsp cross site scripting — UFIDA ERP-NC | 4.3 | Medium | 2025-03-24 |
| CVE-2025-2711 | Yonyou UFIDA ERP-NC systop.jsp cross site scripting — UFIDA ERP-NC | 4.3 | Medium | 2025-03-24 |
| CVE-2025-2710 | Yonyou UFIDA ERP-NC menu.jsp cross site scripting — UFIDA ERP-NC | 4.3 | Medium | 2025-03-24 |
| CVE-2025-2709 | Yonyou UFIDA ERP-NC login.jsp cross site scripting — UFIDA ERP-NC | 4.3 | Medium | 2025-03-24 |
| CVE-2025-2748 | Kentico Xperience stored cross-site scripting in multiple-file upload functionality — Xperience | 6.1 | Medium | 2025-03-24 |
| CVE-2025-30623 | WordPress wA11y – The Web Accessibility Toolbox plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability — wA11y – The Web Accessibility Toolbox | 5.9 | Medium | 2025-03-24 |
| CVE-2025-30610 | WordPress WP Social Widget plugin <= 2.2.7 - Cross Site Scripting (XSS) Vulnerability — WP Social Widget | 6.5 | Medium | 2025-03-24 |
| CVE-2025-30606 | WordPress Easy Page Transition plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability — Easy Page Transition | 5.9 | Medium | 2025-03-24 |
| CVE-2025-30602 | WordPress Related Posts via Categories plugin <= 2.1.2 - CSRF to Stored XSS vulnerability — Related Posts via Categories | 7.1 | High | 2025-03-24 |
| CVE-2025-30600 | WordPress WP Hotjar plugin <= 0.0.3 - Cross Site Scripting (XSS) vulnerability — WP Hotjar | 5.9 | Medium | 2025-03-24 |
| CVE-2025-30599 | WordPress WP Parallax Content Slider plugin <= 0.9.8 - Cross Site Scripting (XSS) vulnerability — WP Parallax Content Slider | 5.9 | Medium | 2025-03-24 |
| CVE-2025-30597 | WordPress IG Shortcodes plugin <= 3.1 Cross Site Scripting (XSS) Vulnerability — IG Shortcodes | 6.5 | Medium | 2025-03-24 |
| CVE-2025-30595 | WordPress include-file plugin <= 1 Cross Site Scripting (XSS) Vulnerability — include-file | 6.5 | Medium | 2025-03-24 |
| CVE-2025-30593 | WordPress Include URL plugin <= 0.3.5 Cross Site Scripting (XSS) Vulnerability — Include URL | 6.5 | Medium | 2025-03-24 |
| CVE-2025-30574 | WordPress Mobile Navigation plugin <= - 1.5 Cross Site Scripting (XSS) Vulnerability — Mobile Navigation | 5.9 | Medium | 2025-03-24 |
| CVE-2025-30575 | WordPress Login Redirect plugin <= - 1.0.5 Cross Site Scripting (XSS) Vulnerability — Login Redirect | 5.9 | Medium | 2025-03-24 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21546 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.