
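CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21550

21550 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.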

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-1405 | Product Catalog Simple <= 1.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via show_products Shortcode — Product Catalog Simple | 6.4 | Medium | 2025-02-28 |
| CVE-2024-12820 | MK Google Directions <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — MK Google Directions | 6.4 | Medium | 2025-02-28 |
| CVE-2025-1513 | Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons <= 26.0.0.1 - Unauthenticated Stored Cross-Site Scripting — Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe | 7.2 | High | 2025-02-28 |
| CVE-2025-1511 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.0.4 - Reflected Cross-Site Scripting — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 6.1 | Medium | 2025-02-28 |
| CVE-2025-1505 | Advanced AJAX Product Filters <= 1.6.8.1 - Reflected Cross-Site Scripting — Advanced AJAX Product Filters | 6.1 | Medium | 2025-02-28 |
| CVE-2025-1757 | WordPress Portfolio Builder – Portfolio Gallery <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — WordPress Portfolio Builder – Portfolio Gallery | 6.4 | Medium | 2025-02-28 |
| CVE-2025-22624 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 - Reflected cross-site scripting (XSS) — FooGallery - Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel | 6.5 | - | 2025-02-27 |
| CVE-2025-1742 | pihome-shc PiHome home.php cross site scripting — PiHome | 4.3 | Medium | 2025-02-27 |
| CVE-2024-9285 | Tu Yafeng Via Browser Javascript Bridge cross site scripting — Via Browser | 4.3 | Medium | 2025-02-27 |
| CVE-2025-23687 | WordPress Woo Store Mode plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — Woo Store Mode | 7.1 | High | 2025-02-27 |
| CVE-2024-13402 | BuddyBoss Platform <= 2.7.70 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'link_title' — BuddyBoss Platform | 6.4 | Medium | 2025-02-27 |
| CVE-2025-1450 | Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button, WhatsApp – Chaty <= 3.3.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line Messenger, WeChat, Email, SMS, Call Button – Chaty | 6.4 | Medium | 2025-02-27 |
| CVE-2024-13734 | Card Elements for Elementor <= 1.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Profile Card Widget — Card Elements for Elementor | 6.4 | Medium | 2025-02-27 |
| CVE-2025-1690 | ThemeMakers Stripe Checkout <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — ThemeMakers Stripe Checkout | 6.4 | Medium | 2025-02-27 |
| CVE-2024-5848 | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products Due to Improper Input Validation — WSO2 API Manager | 6.1 | Medium | 2025-02-27 |
| CVE-2025-1689 | ThemeMakers PayPal Express Checkout <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — ThemeMakers PayPal Express Checkout | 6.4 | Medium | 2025-02-27 |
| CVE-2024-6261 | Image Photo Gallery Final Tiles Grid <= 3.6.0 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Image Photo Gallery Final Tiles Grid | 6.4 | Medium | 2025-02-27 |
| CVE-2025-0469 | Forminator <= 1.39.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Forminator Forms – Contact Form, Payment Form & Custom Form Builder | 6.4 | Medium | 2025-02-27 |
| CVE-2025-20116 | Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability — Cisco Application Policy Infrastructure Controller (APIC) | 4.8 | Medium | 2025-02-26 |
| CVE-2025-0719 | IBM Cloud Pak for Data cross-site scripting — Cloud Pak for Data | 6.1 | Medium | 2025-02-26 |
| CVE-2024-6810 | Quiz Organizer <= 2.9.1 - Authenticated (Administrator+) Stored Cross-Site Scripting — Quiz Organizer | 4.4 | Medium | 2025-02-26 |
| CVE-2025-1517 | Sina Extension for Elementor <= 3.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Fancy Text, Countdown Widget, and Login Form Shortcodes — Sina Extension for Elementor | 6.4 | Medium | 2025-02-26 |
| CVE-2024-13803 | Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates <= 5.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns | 6.4 | Medium | 2025-02-26 |
| CVE-2025-27139 | Combodo iTop vulnerable to stored self Cross-site Scripting in preferences — iTop | 6.8 | Medium | 2025-02-25 |
| CVE-2025-21627 | GLPI Cross-site Scripting vulnerability — glpi | 6.5 | Medium | 2025-02-25 |
| CVE-2025-26993 | WordPress Visual Website Collaboration Atarim plugin <= 4.1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Atarim | 7.1 | High | 2025-02-25 |
| CVE-2025-26991 | WordPress WPPizza plugin <= 3.19.4 - Reflected Cross Site Scripting (XSS) vulnerability — WPPizza | 7.1 | High | 2025-02-25 |
| CVE-2025-26980 | WordPress Wired Impact Volunteer Management plugin <= 2.5 - Stored Cross Site Scripting (XSS) vulnerability — Wired Impact Volunteer Management | 6.5 | Medium | 2025-02-25 |
| CVE-2025-26981 | WordPress Web Accessibility By accessiBe plugin <= 2.5 - Reflected Cross Site Scripting (XSS) vulnerability — Web Accessibility By accessiBe | 7.1 | High | 2025-02-25 |
| CVE-2025-26962 | WordPress Contact Form Plugin plugin <= 1.1.25 - Cross Site Scripting (XSS) vulnerability — Easy Contact Form Lite | 6.5 | Medium | 2025-02-25 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21550 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.