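CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21550

21550 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.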

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-0475 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.7 | High | 2025-03-03 |
| CVE-2024-8186 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 5.4 | Medium | 2025-03-03 |
| CVE-2025-1842 | FITSTATS Technologies AthleteMonitoring login.php cross site scripting — AthleteMonitoring | 4.3 | Medium | 2025-03-03 |
| CVE-2025-1830 | zj1983 zz Customer Information cross site scripting — zz | 2.4 | Low | 2025-03-02 |
| CVE-2025-1817 | Mini-Tmall Admin Name admin cross site scripting — Mini-Tmall | 2.4 | Low | 2025-03-02 |
| CVE-2025-1810 | Pixsoft Vivaz Login Endpoint servlet cross site scripting — Vivaz | 4.3 | Medium | 2025-03-02 |
| CVE-2025-1491 | WP Posts Carousel <= 1.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via auto_play_timeout Parameter — WP Posts Carousel | 6.4 | Medium | 2025-03-01 |
| CVE-2025-1291 | Gutenberg Blocks by Kadence Blocks <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'icon' — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | 6.4 | Medium | 2025-03-01 |
| CVE-2025-1459 | Page Builder by SiteOrigin <= 2.31.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Page Builder by SiteOrigin | 6.4 | Medium | 2025-03-01 |
| CVE-2024-13901 | Counter Box: Add Engaging Countdowns, Timers & Counters to Your WordPress Site <= 2.0.6 - Authenticated (Administrator+) DOM-Based Stored Cross-Site Scripting — Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress | 4.4 | Medium | 2025-03-01 |
| CVE-2024-13559 | TemplatesNext ToolKit <= 3.2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — TemplatesNext ToolKit | 6.4 | Medium | 2025-03-01 |
| CVE-2024-9212 | SKU Generator for WooCommerce <= 1.6.2 - Reflected Cross-Site Scripting — SKU Generator for WooCommerce | 6.1 | Medium | 2025-03-01 |
| CVE-2025-0820 | Clicface Trombi <= 2.08 - Authenticated (Contributor+) Stored Cross-Site Scripting via nom Parameter — Clicface Trombi | 6.4 | Medium | 2025-03-01 |
| CVE-2024-9217 | Currency Switcher for WooCommerce <= 2.16.2 - Reflected Cross-Site Scripting — Currency Switcher for WooCommerce | 6.1 | Medium | 2025-03-01 |
| CVE-2025-20049 | Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Cross-site Scripting — Dario Application Database and Internet-based Server Infrastructure | 5.8 | Medium | 2025-02-28 |
| CVE-2025-27400 | Magento vulnerable to stored XSS in theme config fields — magento-lts | 2.9 | Low | 2025-02-28 |
| CVE-2025-1776 | Cross-Site Scripting (XSS) vulnerability in Soteshop — Soteshop | 6.1 | Medium | 2025-02-28 |
| CVE-2025-1749 | HTML injection vulnerability in OpenCart — OpenCart | 4.7 | Medium | 2025-02-28 |
| CVE-2025-1748 | HTML injection vulnerability in OpenCart — OpenCart | 4.7 | Medium | 2025-02-28 |
| CVE-2025-1747 | HTML injection vulnerability in OpenCart — OpenCart | 4.7 | Medium | 2025-02-28 |
| CVE-2025-1746 | Cross-Site Scripting vulnerability in OpenCart — OpenCart | 6.1 | Medium | 2025-02-28 |
| CVE-2025-1319 | Site Mailer <= 1.2.3 - Unauthenticated Stored Cross-Site Scripting — Site Mailer – SMTP Replacement, Email API Deliverability & Email Log | 7.2 | High | 2025-02-28 |
| CVE-2025-22272 | Self Reflected XSS in CyberArk Endpoint Privilege Manager — Endpoint Privilege Manager | 8.2 | - | 2025-02-28 |
| CVE-2025-22270 | Stored XSS in CyberArk Endpoint Privilege Manager — Endpoint Privilege Manager | 4.8 | - | 2025-02-28 |
| CVE-2025-22491 | Improper Input Validation in Foreseer Reporting Software (FRS) — Foreseer Reporting Software (FRS) | 6.7 | Medium | 2025-02-28 |
| CVE-2024-13851 | Modal Portfolio <= 1.7.4.2 - Authenticated (Administrator+) Stored Cross-Site Scripting — Modal Portfolio | 5.5 | Medium | 2025-02-28 |
| CVE-2024-13469 | Pricing Table by PickPlugins <= 1.12.10 - Authenticated (Contributor+) Stored Cross-Site Scripting — PickPlugins Pricing Table | 6.4 | Medium | 2025-02-28 |
| CVE-2024-9019 | SecuPress Free — WordPress Security <= 2.2.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via secupress_check_ban_ips_form Shortcode — SecuPress with Simple SSL – Simple and Performant Security | 6.4 | Medium | 2025-02-28 |
| CVE-2025-1560 | WOW Entrance Effects (WEE!) <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — WOW Entrance Effects (WEE!) | 6.4 | Medium | 2025-02-28 |
| CVE-2025-1571 | Exclusive Addons for Elementor <= 2.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Animated Text and Image Comparison Widgets — Exclusive Addons for Elementor | 6.4 | Medium | 2025-02-28 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21550 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.