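CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.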

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-22631 | WordPress Marketing Automation Plugin <= 1.2.6.8 - Reflected Cross Site Scripting (XSS) vulnerability — Marketing Automation | 7.1 | High | 2025-02-23 |
| CVE-2025-1592 | SourceCodester Best Employee Management System Add Role Page Role.php cross site scripting — Best Employee Management System | 2.4 | Low | 2025-02-23 |
| CVE-2025-1591 | SourceCodester Employee Management System Department Page department.php cross site scripting — Employee Management System | 2.4 | Low | 2025-02-23 |
| CVE-2025-1589 | SourceCodester E-Learning System User Registration register.php cross site scripting — E-Learning System | 4.3 | Medium | 2025-02-23 |
| CVE-2025-1467 | tarteaucitron.js security vulnerability — tarteaucitronjs | 6.1 | Medium | 2025-02-23 |
| CVE-2025-1586 | code-projects Blood Bank System A-.php cross site scripting — Blood Bank System | 3.5 | Low | 2025-02-23 |
| CVE-2025-1585 | otale header.html OptionsService cross site scripting — tale | 2.4 | Low | 2025-02-23 |
| CVE-2025-1579 | code-projects Blood Bank System user.php cross site scripting — Blood Bank System | 2.4 | Low | 2025-02-23 |
| CVE-2025-1577 | code-projects Blood Bank System prostatus.php cross site scripting — Blood Bank System | 3.5 | Low | 2025-02-23 |
| CVE-2024-13728 | Accept Donations with PayPal & Stripe <= 1.4.4 - Reflected Cross-Site Scripting — Accept Donations with PayPal & Stripe | 6.1 | Medium | 2025-02-23 |
| CVE-2025-26774 | WordPress Responsive Modal Builder for High Conversion – Easy Popups plugin <= 1.5.0 - Cross Site Scripting (XSS) vulnerability — Responsive Modal Builder for High Conversion – Easy Popups | 7.1 | High | 2025-02-22 |
| CVE-2025-26756 | WordPress Magic the Gathering Card Tooltips plugin <= 3.5.0 - Cross Site Scripting (XSS) vulnerability — Magic the Gathering Card Tooltips | 7.1 | High | 2025-02-22 |
| CVE-2025-26973 | WordPress Social Warfare Plugin <= 4.5.5 - Cross Site Scripting (XSS) vulnerability — Social Warfare | 6.5 | Medium | 2025-02-22 |
| CVE-2025-0957 | Vulnerability: SMTP for Amazon SES <= 1.8 - Unauthenticated Stored Cross-Site Scripting via Email Logs — SMTP for Amazon SES – YaySMTP | 7.2 | High | 2025-02-22 |
| CVE-2025-0953 | SMTP for Sendinblue – YaySMTP <= 1.2 - Unauthenticated Stored Cross-Site Scripting via Email Logs — SMTP for Sendinblue – YaySMTP | 7.2 | High | 2025-02-22 |
| CVE-2025-0918 | SMTP for SendGrid – YaySMTP <= 1.4 - Unauthenticated Stored Cross-Site Scripting via Email Logs — SMTP for SendGrid – YaySMTP | 7.2 | High | 2025-02-22 |
| CVE-2025-1553 | pankajindevops scale project cross site scripting — scale | 3.5 | Low | 2025-02-22 |
| CVE-2024-13564 | Rife Elementor Extensions & Templates <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Shortcode — Rife Extensions & Templates for Elementor | 6.4 | Medium | 2025-02-22 |
| CVE-2024-12038 | Frontend Content Forms for User Submissions (UGC) <= 2.8.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buddyforms_nav' Shortcode — Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) | 6.4 | Medium | 2025-02-22 |
| CVE-2024-12467 | Pago por Redsys <= 1.0.12 - Reflected Cross-Site Scripting — Pago por Redsys | 6.1 | Medium | 2025-02-22 |
| CVE-2025-27108 | Cross-site Scripting vulnerability due to improper use of string.replace in dom-expressions — dom-expressions | 7.3 | High | 2025-02-21 |
| CVE-2025-1548 | iteachyou Dreamer CMS edit cross site scripting — Dreamer CMS | 3.5 | Low | 2025-02-21 |
| CVE-2024-10222 | SVG Support <= 2.5.10 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — SVG Support | 6.4 | Medium | 2025-02-21 |
| CVE-2025-1489 | WP-Appbox <= 4.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via appbox Shortcode — WP-Appbox | 6.4 | Medium | 2025-02-21 |
| CVE-2024-13455 | igumbi Online Booking <= 1.40 - Authenticated (Contributor+) Stored Cross-Site Scripting — igumbi Online Booking | 6.4 | Medium | 2025-02-21 |
| CVE-2024-12452 | Ziggeo <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ziggeo | 6.4 | Medium | 2025-02-21 |
| CVE-2024-13648 | Maps for WP <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Maps for WP | 6.4 | Medium | 2025-02-21 |
| CVE-2024-13461 | Autoship Cloud for WooCommerce Subscription Products <= 2.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Autoship Cloud for WooCommerce Subscription Products | 6.4 | Medium | 2025-02-21 |
| CVE-2025-1410 | Events Calendar Made Simple – Pie Calendar <= 1.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via piecal Shortcode — Pie Calendar – Events Calendar Made Simple | 6.4 | Medium | 2025-02-21 |
| CVE-2024-13751 | 3D Photo Gallery <= 1.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting — 3D Photo Gallery | 6.4 | Medium | 2025-02-21 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21551 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.