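CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21546

21546 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.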

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-2325 | WP Test Email <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting — WP Test Email | 7.2 | High | 2025-03-15 |
| CVE-2025-1773 | Traveler <= 3.1.8 - Reflected Cross-Site Scripting — Travel Booking WordPress Theme | 6.1 | Medium | 2025-03-15 |
| CVE-2025-2164 | pixelstats <= 0.8.2 - Reflected Cross-Site Scripting — pixelstats | 6.1 | Medium | 2025-03-15 |
| CVE-2025-2163 | Zoorum Comments <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Zoorum Comments | 6.1 | Medium | 2025-03-15 |
| CVE-2025-29782 | WeGIA Cross-Site Scripting (XSS) Stored in endpoint `adicionar_tipo_docs_atendido.php` parameter `tipo` — WeGIA | 5.4 | - | 2025-03-14 |
| CVE-2025-29771 | HtmlSanitizer vulnerable to XSS when used with contentEditable — HtmlSanitizer | 6.1 | - | 2025-03-14 |
| CVE-2024-12020 | Reflected Cross-Site Scripting (XSS) — LogicalDOC Enterprise | 6.1 | - | 2025-03-14 |
| CVE-2025-1888 | Reflected Cross Site Scripting in Aperio Eslide Manager — Aperio Eslide Manager | 4.6 | Medium | 2025-03-14 |
| CVE-2025-26626 | GLPI Inventory Plugin vulnerable to reflective Cross-site Scripting — glpi-inventory-plugin | 6.5 | Medium | 2025-03-14 |
| CVE-2024-26006 | Fortinet FortiOS security vulnerability — FortiProxy | 6.9 | High | 2025-03-14 |
| CVE-2025-1526 | DethemeKit for Elementor <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — DethemeKit for Elementor | 6.4 | Medium | 2025-03-14 |
| CVE-2025-2166 | CM FAQ – Simplify support with an intuitive FAQ management tool <= 1.2.5 - Reflected Cross-Site Scripting — CM FAQ – Simplify support with an intuitive FAQ management tool | 6.1 | Medium | 2025-03-14 |
| CVE-2025-1503 | WP Recipe Maker <= 9.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Recipe Maker | 6.4 | Medium | 2025-03-13 |
| CVE-2025-1561 | AppPresser – Mobile App Framework <= 4.4.10 - Unauthenticated Stored Cross-Site Scripting — AppPresser – Mobile App Framework | 7.2 | High | 2025-03-13 |
| CVE-2025-1559 | CC-IMG-Shortcode <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — CC-IMG-Shortcode | 6.4 | Medium | 2025-03-13 |
| CVE-2025-27867 | Apache Felix HTTP Webconsole Plugin: XSS in HTTP Webconsole Plugin — Apache Felix HTTP Webconsole Plugin | 6.1 | - | 2025-03-12 |
| CVE-2025-1527 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +20 Modules – All in One Solution (formerly WooLentor) <= 3.1.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Flash Sale Countdown Module — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | 6.4 | Medium | 2025-03-12 |
| CVE-2024-12589 | Finale Lite – Sales Countdown Timer & Discount for WooCommerce <= 2.19.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Countdown Timer — Finale Lite – Sales Countdown Timer & Discount for WooCommerce | 6.4 | Medium | 2025-03-12 |
| CVE-2025-2077 | Simple Amazon Affiliate <= 1.0.9 - Reflected Cross-Site Scripting — Simple Amazon Affiliate | 6.1 | Medium | 2025-03-12 |
| CVE-2025-2078 | BlogBuzzTime-for-wp <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting — BlogBuzzTime for WP | 4.4 | Medium | 2025-03-12 |
| CVE-2025-2205 | GDPR Cookie Compliance <= 4.15.6 - Authenticated (Admin+) Stored Cross-Site Scripting — GDPR Cookie Compliance – Cookie Banner, Cookie Consent, Cookie Notice for CCPA, EU Cookie Law | 4.4 | Medium | 2025-03-12 |
| CVE-2025-2076 | binlayerpress <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting — binlayerpress | 4.4 | Medium | 2025-03-12 |
| CVE-2025-2214 | Microweber Settings index.php cross site scripting — Microweber | 3.5 | Low | 2025-03-11 |
| CVE-2025-2213 | Castlenet CBW383G2N Wireless Menu wlanPrimaryNetwork.asp cross site scripting — CBW383G2N | 2.4 | Low | 2025-03-11 |
| CVE-2025-2212 | Castlenet CBW383G2N RgSwInfo.asp cross site scripting — CBW383G2N | 2.4 | Low | 2025-03-11 |
| CVE-2025-2211 | aitangbao springboot-manager add cross site scripting — springboot-manager | 2.4 | Low | 2025-03-11 |
| CVE-2025-2210 | aitangbao springboot-manager add cross site scripting — springboot-manager | 2.4 | Low | 2025-03-11 |
| CVE-2025-2209 | aitangbao springboot-manager add cross site scripting — springboot-manager | 2.4 | Low | 2025-03-11 |
| CVE-2025-28943 | WordPress DP ALTerminator - Missing ALT manager Plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability — DP ALTerminator - Missing ALT manager | 5.9 | Medium | 2025-03-11 |
| CVE-2025-28937 | WordPress Lava Ajax Search plugin <= 1.1.9 - Cross Site Scripting (XSS) vulnerability — Lava Ajax Search | 5.9 | Medium | 2025-03-11 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21546 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.