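CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.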

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-1406 | Newpost Catch <= 1.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via npc Shortcode — Newpost Catch | 6.4 | Medium | 2025-02-21 |
| CVE-2025-1407 | AMO Team Showcase <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via amoteam_skills Shortcode — AMO Team Showcase | 6.4 | Medium | 2025-02-21 |
| CVE-2024-13672 | Mini Course Generator \| Embed mini-courses and interactive content <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Mini Course Generator \| Embed mini-courses and interactive content | 6.4 | Medium | 2025-02-21 |
| CVE-2024-13379 | C9 Admin Dashboard <= 1.3.5 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — C9 Admin Dashboard | 6.4 | Medium | 2025-02-21 |
| CVE-2024-13388 | TCBD Tooltip <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — TCBD Tooltip | 6.4 | Medium | 2025-02-21 |
| CVE-2025-27088 | Reflected Cross-site Scripting (XSS) in template implementation in oxyno-zeta/s3-proxy — s3-proxy | 6.1 | - | 2025-02-20 |
| CVE-2025-25299 | Cross-site scripting (XSS) in the real-time collaboration package — ckeditor5 | 6.1 | - | 2025-02-20 |
| CVE-2025-1039 | Lenix Elementor Leads addon <= 1.8.2 - Unauthenticated Stored Cross-Site Scripting via URL Form Field — Lenix Leads Collector | 7.2 | High | 2025-02-20 |
| CVE-2025-1328 | Typed JS: A typewriter style animation <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via typespeed Parameter — Typed JS: A typewriter style animation | 6.4 | Medium | 2025-02-20 |
| CVE-2024-13802 | Bandsintown Events <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Bandsintown Events | 6.4 | Medium | 2025-02-20 |
| CVE-2024-6432 | Content Blocks (Custom Post Widget) <= 3.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via content Parameter — Content Blocks (Custom Post Widget) | 6.4 | Medium | 2025-02-20 |
| CVE-2024-13849 | Cookie Notice Bar <= 1.3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting — Cookie Notice Bar | 5.5 | Medium | 2025-02-20 |
| CVE-2024-13748 | Ultimate Classified Listings <= 1.4 Authenticated (Administrator+) Stored Cross-Site Scripting via Title Parameter — Ultimate Classified Listings | 4.4 | Medium | 2025-02-20 |
| CVE-2025-0897 | Modal Window <= 6.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via iframeBox Shortcode — Modal Window – create popup modal window | 6.4 | Medium | 2025-02-20 |
| CVE-2025-1064 | Login/Signup Popup ( Inline Form + Woocommerce ) <= 2.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via xoo_el_action Shortcode — Login & Register Customizer – Popup \| Slider \| Inline \| WooCommerce | 6.4 | Medium | 2025-02-20 |
| CVE-2024-13155 | Unlimited Elements For Elementor (Free Widgets, Addons, Templates) <= 1.5.140 - Authenticated (Contributor+) Stored Cross-Site Scripting via Transparent Split Hero Widget — Unlimited Elements For Elementor | 6.4 | Medium | 2025-02-20 |
| CVE-2024-13445 | Elementor Website Builder – More Than Just a Page Builder <= 3.27.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Elementor Website Builder – more than just a page builder | 6.4 | Medium | 2025-02-20 |
| CVE-2024-37360 | Hitachi Vantara Pentaho Business Analytics Server - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — Pentaho Data Integration & Analytics | 4.4 | Medium | 2025-02-19 |
| CVE-2024-53974 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager | 5.4 | Medium | 2025-02-19 |
| CVE-2025-20211 | Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting Vulnerability — Cisco BroadWorks | 6.1 | Medium | 2025-02-19 |
| CVE-2024-28776 | IBM Cognos Controller cross-site scripting — Cognos Controller | 5.4 | Medium | 2025-02-19 |
| CVE-2025-0916 | YaySMTP 2.4.9 - 2.6.2 - Unauthenticated Stored Cross-Site Scripting — YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service | 7.2 | High | 2025-02-19 |
| CVE-2024-13363 | Raptive Ads <= 3.6.3 - Reflected Cross-Site Scripting — Raptive Ads | 6.1 | Medium | 2025-02-19 |
| CVE-2024-13679 | Widget BUY.BOX <= 3.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Widget BUY.BOX | 6.4 | Medium | 2025-02-19 |
| CVE-2024-13736 | Pure Chat – Live Chat & More! <= 2.4 - Reflected Cross-Site Scripting via purechatWidgetName Parameter — Pure Chat – Live Chat & More! | 6.1 | Medium | 2025-02-19 |
| CVE-2024-13591 | Team Builder For WPBakery Page Builder(Formerly Visual Composer) <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Team Builder For WPBakery Page Builder(Formerly Visual Composer) | 6.4 | Medium | 2025-02-19 |
| CVE-2024-13657 | Store Locator Widget <= 2025r1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Store Locator Widget | 6.4 | Medium | 2025-02-19 |
| CVE-2024-11753 | UMich OIDC Login <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — UMich OIDC Login | 6.4 | Medium | 2025-02-19 |
| CVE-2024-11778 | CanadaHelps Embedded Donation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — CanadaHelps Embedded Donation Form | 6.4 | Medium | 2025-02-19 |
| CVE-2024-12339 | Digihood HTML Sitemap <= 3.1.1 - Reflected Cross-Site Scripting via 'channel' — Digihood HTML Sitemap | 6.1 | Medium | 2025-02-19 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21551 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.