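CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21547

21547 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.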

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-13805 | Advanced File Manager <= 5.2.14 - Authenticated (Subscriber+) Stored Cross-Site Scripting via SVG File Upload — Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution | 6.4 | Medium | 2025-03-07 |
| CVE-2024-13431 | Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin <= 1.6.8.3 - Reflected Cross-Site Scripting — Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin | 6.1 | Medium | 2025-03-07 |
| CVE-2025-0863 | Flexmls® IDX <= 3.14.27 - Authenticated (Contributor+) Stored Cross-Site Scripting — Flexmls® IDX Plugin | 6.4 | Medium | 2025-03-07 |
| CVE-2024-12809 | Wishlist <= 1.0.43 - Authenticated (Contributor+) Stored Cross-Site Scripting — Wishlist | 6.4 | Medium | 2025-03-07 |
| CVE-2025-2061 | code-projects Online Ticket Reservation System passenger.php cross site scripting — Online Ticket Reservation System | 4.3 | Medium | 2025-03-07 |
| CVE-2025-27824 | Backdrop CMS cross-site scripting vulnerability — Link iframe formatter | 6.4 | Medium | 2025-03-07 |
| CVE-2025-27826 | Backdrop CMS cross-site scripting vulnerability — Bootstrap Lite theme | 6.4 | Medium | 2025-03-07 |
| CVE-2025-27825 | Backdrop CMS cross-site scripting vulnerability — Bootstrap 5 Lite theme | 6.4 | Medium | 2025-03-07 |
| CVE-2025-27823 | Backdrop CMS cross-site scripting vulnerability — Mail Disguise | 6.4 | Medium | 2025-03-07 |
| CVE-2025-2049 | code-projects Blood Bank System AB+.php cross site scripting — Blood Bank System | 3.5 | Low | 2025-03-06 |
| CVE-2025-2047 | PHPGurukul Art Gallery Management System search.php cross site scripting — Art Gallery Management System | 3.5 | Low | 2025-03-06 |
| CVE-2025-27506 | NocoDB Vulnerable to Reflected Cross-Site Scripting on Reset Password Page — nocodb | 5.4 | Medium | 2025-03-06 |
| CVE-2025-25191 | Group-Office has a Stored XSS Vulnerability via user's name field — groupoffice | 5.4 | - | 2025-03-06 |
| CVE-2025-0877 | XSS in AtaksAPP's Reservation Management System — Reservation Management System | 4.7 | Medium | 2025-03-06 |
| CVE-2024-13902 | huang-yk student-manage Edit a Student Information Page cross site scripting — student-manage | 2.4 | Low | 2025-03-06 |
| CVE-2025-1672 | Notibar <= 2.1.5 - Authenticated (Administrator+) Stored Cross-Site Scripting — Notibar – Notification Bar for WordPress | 5.5 | Medium | 2025-03-06 |
| CVE-2025-22623 | Ad Inserter - Reflected cross-site scripting (XSS) — Ad Inserter | 6.5 | - | 2025-03-06 |
| CVE-2025-20208 | Cisco TelePresence Management Suite cross-site scripting vulnerability — Cisco TelePresence Management Suite (TMS) | 4.6 | Medium | 2025-03-05 |
| CVE-2025-27412 | REDAXO allows Authenticated Reflected Cross Site Scripting - packages installation — redaxo | 6.1 | Medium | 2025-03-05 |
| CVE-2024-11731 | Master Slider – Responsive Touch Slider <= 3.10.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_slider Shortcode — Master Slider – Responsive Touch Slider | 6.4 | Medium | 2025-03-05 |
| CVE-2024-12815 | Point Maker <= 0.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — Point Maker | 6.4 | Medium | 2025-03-05 |
| CVE-2024-13839 | Company Directory <= 4.3 - Reflected Cross-Site Scripting via add_query_arg Function — Staff Directory Plugin: Company Directory | 6.1 | Medium | 2025-03-05 |
| CVE-2024-13757 | Master Slider – Responsive Touch Slider <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode — Master Slider – Responsive Touch Slider | 6.4 | Medium | 2025-03-05 |
| CVE-2024-5667 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Featherlight.js JavaScript Library — WP Featherlight – A Simple jQuery Lightbox | 6.4 | Medium | 2025-03-05 |
| CVE-2024-13779 | Hero Mega Menu - Responsive WordPress Menu Plugin <= 1.16.5 - Reflected Cross-Site Scripting — Hero Mega Menu - Responsive WordPress Menu Plugin | 6.1 | Medium | 2025-03-05 |
| CVE-2025-1008 | Recently Purchased Products For Woo <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via view Parameter — Recently Purchased Products For Woo | 6.4 | Medium | 2025-03-05 |
| CVE-2024-13866 | Simple Notification <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting — Simple Notification | 6.4 | Medium | 2025-03-05 |
| CVE-2024-13350 | SearchIQ – The Search Solution <= 4.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — SearchIQ – The Search Solution | 6.4 | Medium | 2025-03-05 |
| CVE-2024-13827 | Razorpay Subscription Button Elementor Plugin <= 1.0.3 - Reflected Cross-Site Scripting via add_query_arg and remove_query_arg Functions — Razorpay Subscription Button Elementor Plugin | 6.1 | Medium | 2025-03-05 |
| CVE-2025-1967 | code-projects Blood Bank Management System donor.php cross site scripting — Blood Bank Management System | 3.5 | Low | 2025-03-05 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21547 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.