CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-26761	WordPress Easy Elementor Addons plugin <= 2.1.5 - Cross Site Scripting (XSS) vulnerability — Easy Elementor Addons	6.5	Medium	2025-02-16
CVE-2025-22689	WordPress Forex Calculators plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability — Forex Calculators	6.5	Medium	2025-02-16
CVE-2025-23975	WordPress Botnet Attack Blocker plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability — Botnet Attack Blocker	6.5	Medium	2025-02-16
CVE-2025-22286	WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.0.21 - Reflected Cross Site Scripting (XSS) vulnerability — LTL Freight Quotes – Worldwide Express Edition	7.1	High	2025-02-16
CVE-2025-22676	WordPress Upcasted S3 Offload plugin <= 3.0.3 - Cross Site Scripting (XSS) vulnerability — AWS S3 for WordPress Plugin – Upcasted	6.5	Medium	2025-02-16
CVE-2025-22680	WordPress Ad Inserter Pro plugin <= 2.7.39 - Reflected Cross Site Scripting (XSS) vulnerability — Ad Inserter Pro	7.1	High	2025-02-16
CVE-2025-22284	WordPress LTL Freight Quotes – Unishippers Edition plugin <= 2.5.8 - Reflected Cross Site Scripting (XSS) vulnerability — LTL Freight Quotes – Unishippers Edition	7.1	High	2025-02-16
CVE-2024-44044	WordPress Oshine Modules plugin < 3.3.8 - Reflected Cross Site Scripting (XSS) vulnerability — Oshine Modules	7.1	High	2025-02-16
CVE-2025-1360	Internet Web Solutions Sublime CRM HTTP POST Request inicio.php cross site scripting — Sublime CRM	3.5	Low	2025-02-16
CVE-2025-1359	SIAM Industria de Automação e Monitoramento qrcode.jsp cross site scripting — SIAM	4.3	Medium	2025-02-16
CVE-2025-1354	ASUS RT-N12E 代码注入漏洞 — RT-N12E	6.1	-	2025-02-16
CVE-2025-1337	Eastnets PaymentSafe BIC Search cross site scripting — PaymentSafe	3.5	Low	2025-02-16
CVE-2025-1332	FastCMS Template Menu menu cross site scripting — FastCMS	2.4	Low	2025-02-16
CVE-2025-1005	ElementsKit Elementor addons <= 3.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion Widget — ElementsKit Elementor Addons – Advanced Widgets & Templates Addons for Elementor	6.4	Medium	2025-02-15
CVE-2024-13563	Front End Users <= 3.2.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via forgot-password Shortcode — Front End Users	6.4	Medium	2025-02-15
CVE-2025-25304	Vega allows Cross-site Scripting via the vlSelectionTuples function — vega	6.1	-	2025-02-14
CVE-2025-25296	Label Studio allows Cross-Site Scripting (XSS) via GET request to `/projects/upload-example` endpoint — label-studio	6.1	Medium	2025-02-14
CVE-2024-56463	IBM QRadar SIEM cross-site scripting — QRadar SIEM	4.8	Medium	2025-02-14
CVE-2025-1239	WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Blocked Sites List — Fireware OS	4.8	-	2025-02-14
CVE-2025-1071	WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in spamBlocker Module — Fireware OS	4.8	-	2025-02-14
CVE-2025-23905	WordPress Admin Options Pages plugin <= 0.9.7 - Reflected Cross Site Scripting (XSS) vulnerability — Admin Options Pages	7.1	High	2025-02-14
CVE-2025-24688	WordPress WP Mailster Plugin <= 1.8.20.0 - Reflected Cross Site Scripting (XSS) vulnerability — WP Mailster	7.1	High	2025-02-14
CVE-2025-24700	WordPress WP Event Aggregator Plugin <= 1.8.2 - Reflected Cross Site Scripting (XSS) vulnerability — WP Event Aggregator	7.1	High	2025-02-14
CVE-2025-24641	WordPress Better WishList API plugin <= 1.1.3 - Stored Cross Site Scripting (XSS) vulnerability — Better WishList API	7.1	High	2025-02-14
CVE-2025-24614	WordPress Post Timeline Plugin <= 2.3.9 - Reflected Cross Site Scripting (XSS) vulnerability — Post Timeline	7.1	High	2025-02-14
CVE-2025-24616	WordPress Uix Page Builder Plugin <= 1.7.3 - Reflected Cross Site Scripting (XSS) vulnerability — Uix Page Builder	7.1	High	2025-02-14
CVE-2025-24592	WordPress SysBasics Customize My Account for WooCommerce plugin <= 2.8.22 - Reflected Cross Site Scripting (XSS) vulnerability — Customize My Account for WooCommerce	7.1	High	2025-02-14
CVE-2025-24617	WordPress AcyMailing Plugin < 9.11.1 - Reflected Cross Site Scripting (XSS) vulnerability — AcyMailing SMTP Newsletter	7.1	High	2025-02-14
CVE-2025-24615	WordPress Analytics Cat Plugin <= 1.1.2 - Reflected Cross Site Scripting (XSS) vulnerability — Analytics Cat	7.1	High	2025-02-14
CVE-2025-24554	WordPress AWcode Toolkit plugin <= 1.0.14 - Reflected Cross Site Scripting (XSS) vulnerability — AWcode Toolkit	7.1	High	2025-02-14

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21551 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21551