Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21546

21546 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-10719 Stored Cross-site Scripting (XSS) in phpipam/phpipam — phpipam/phpipam 5.4 -2025-03-20
CVE-2024-4023 Stored XSS in flatpressblog/flatpress — flatpressblog/flatpress 5.4 -2025-03-20
CVE-2024-9699 Cross-Site Scripting (XSS) in flatpressblog/flatpress — flatpressblog/flatpress 5.4 -2025-03-20
CVE-2024-10724 Stored XSS in IPV6 Section in phpipam/phpipam — phpipam/phpipam 5.4 -2025-03-20
CVE-2024-10723 Stored XSS in phpipam/phpipam — phpipam/phpipam 5.4 -2025-03-20
CVE-2024-8029 Stored XSS in imartinez/privategpt — imartinez/privategpt 6.1 -2025-03-20
CVE-2024-10725 Stored Cross-site Scripting (XSS) in phpipam/phpipam — phpipam/phpipam 5.4 -2025-03-20
CVE-2024-9900 Cross-Site Scripting (XSS) in mudler/localai — mudler/localai 6.1 -2025-03-20
CVE-2024-11824 Stored XSS in langgenius/dify — langgenius/dify 5.4 -2025-03-20
CVE-2024-7990 Stored Cross-Site Scripting in open-webui/open-webui — open-webui/open-webui 5.4 -2025-03-20
CVE-2024-12374 Stored XSS in automatic1111/stable-diffusion-webui — automatic1111/stable-diffusion-webui 5.4 -2025-03-20
CVE-2024-11441 Stored XSS in Serge in serge-chat/serge — serge-chat/serge 5.4 -2025-03-20
CVE-2025-2108 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'Site Title' widget — Xpro Addons — 140+ Widgets for Elementor 6.4 Medium2025-03-20
CVE-2025-27705 Absolute Secure Access 安全漏洞 — Secure Access 4.8 -2025-03-19
CVE-2025-27704 Absolute Secure Access 安全漏洞 — Secure Access 4.8 -2025-03-19
CVE-2025-2536 Liferay Portal 跨站脚本漏洞 — Portal 6.1 -2025-03-19
CVE-2024-53967 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) — Adobe Experience Manager 5.4 Medium2025-03-19
CVE-2024-53968 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) — Adobe Experience Manager 5.4 Medium2025-03-19
CVE-2024-53969 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) — Adobe Experience Manager 5.4 Medium2025-03-19
CVE-2024-53970 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager 5.4 Medium2025-03-19
CVE-2025-29790 Contao allows cross-site scripting through SVG uploads — contao 4.6 -2025-03-18
CVE-2025-2491 Dromara ujcms Edit Template File Page WebFileTemplateController.java update cross site scripting — ujcms 2.4 Low2025-03-18
CVE-2025-2490 Dromara ujcms File Upload WebFileUploadController.java upload cross site scripting — ujcms 2.4 Low2025-03-18
CVE-2025-2495 Stored Cross-Site Scripting (XSS) vulnerability in Softdial Contact Center — Softdial Contact Center 5.4 -2025-03-18
CVE-2025-0833 Stored Cross-site Scripting (XSS) vulnerability affecting Route Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2024x — ENOVIA Collaborative Industry Innovator 8.7 High2025-03-17
CVE-2025-0832 Stored Cross-site Scripting (XSS) vulnerability affecting Project Gantt in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x — ENOVIA Collaborative Industry Innovator 8.7 High2025-03-17
CVE-2025-0830 Stored Cross-site Scripting (XSS) vulnerability affecting Meeting Management in ENOVIA Change Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x — ENOVIA Change Manager 8.7 High2025-03-17
CVE-2025-0829 Stored Cross-site Scripting (XSS) vulnerability affecting 3D Markup in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x — ENOVIA Collaborative Industry Innovator 8.7 High2025-03-17
CVE-2025-0828 Stored Cross-site Scripting (XSS) vulnerability affecting Engineering Release in ENOVIA Product Engineering Specialist from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x — ENOVIA Product Engineering Specialist 8.7 High2025-03-17
CVE-2025-0827 Stored Cross-site Scripting (XSS) vulnerability affecting 3DPlay in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x — 3DSwymer 8.7 High2025-03-17

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21546 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.