Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-23571 WordPress Internal Links Generator plugin <= 3.51 - Reflected Cross Site Scripting (XSS) vulnerability — Internal Links Generator 7.1 High2025-02-14
CVE-2025-23568 WordPress WP Login Attempt Log plugin <= 1.3 - Reflected Cross Site Scripting (XSS) vulnerability — WP Login Attempt Log 7.1 High2025-02-14
CVE-2025-23474 WordPress Live Dashboard plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability — Live Dashboard 7.1 High2025-02-14
CVE-2025-23431 WordPress Envato Affiliater plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability — Envato Affiliater 7.1 High2025-02-14
CVE-2025-23428 WordPress QMean plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability — QMean – WordPress Did You Mean 7.1 High2025-02-14
CVE-2024-13735 HurryTimer <= 2.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Campaign Name — HurryTimer – An Scarcity and Urgency Countdown Timer for WordPress & WooCommerce 6.4 Medium2025-02-14
CVE-2024-9601 Qubely – Advanced Gutenberg Blocks <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID' — Qubely – Advanced Gutenberg Blocks 6.5 Medium2025-02-14
CVE-2025-26791 DOMPurify 安全漏洞 — DOMPurify 4.5 Medium2025-02-14
CVE-2025-25287 Lakeus vulnerable to stored XSS via system messages — mediawiki-skins-Lakeus 4.7 Medium2025-02-13
CVE-2025-26538 WordPress Prezi Embedder plugin <= 2.1 - Stored Cross Site Scripting (XSS) vulnerability — Prezi Embedder 6.5 Medium2025-02-13
CVE-2025-26539 WordPress Embed Google Map plugin <= 3.2 - Cross Site Scripting (XSS) vulnerability — Embed Google Map 6.5 Medium2025-02-13
CVE-2025-26574 WordPress Google Drive WP Media plugin <= 2.4.4 - Cross Site Scripting (XSS) vulnerability — Google Drive WP Media 6.5 Medium2025-02-13
CVE-2025-26567 WordPress Font Awesome WP plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability — Font Awesome WP 6.5 Medium2025-02-13
CVE-2025-26561 WordPress Elfsight Yottie Lite Plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability — Elfsight Yottie Lite 5.9 Medium2025-02-13
CVE-2025-26552 WordPress Naver Syndication V2 plugin <= 0.8.3 - CSRF to Stored Cross-Site Scripting vulnerability — Naver Syndication V2 7.1 High2025-02-13
CVE-2025-26558 WordPress Aparat Responsive plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability — Aparat Responsive 6.5 Medium2025-02-13
CVE-2025-26551 WordPress Bootstrap collapse plugin <= 1.0.4 - CSRF to Stored Cross-Site Scripting vulnerability — Bootstrap collapse 7.1 High2025-02-13
CVE-2025-1271 Reflected Cross-Site Scripting (XSS) vulnerability in H6Web — H6Web 6.1 Medium2025-02-13
CVE-2024-13867 Listivo - Classified Ads WordPress Theme <= 2.3.67 - Reflected Cross-Site Scripting — Listivo - Classified Ads WordPress Theme 6.1 Medium2025-02-13
CVE-2025-0837 Puzzles <= 4.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Puzzles | WP Magazine / Review with Store WordPress Theme + RTL 6.4 Medium2025-02-13
CVE-2024-13227 Rank Math SEO – AI SEO Tools to Dominate SEO Rankings <= 1.0.235 - Authenticated (Contributor+) Stored Cross-Site Scripting via Rank Math API — Rank Math SEO – AI SEO Tools to Dominate SEO Rankings 6.4 Medium2025-02-13
CVE-2024-13644 DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via De Gallery Widget — DethemeKit for Elementor 6.4 Medium2025-02-13
CVE-2025-1213 pihome-shc PiHome index.php cross site scripting — PiHome 3.5 Low2025-02-12
CVE-2025-1209 code-projects Wazifa System search_resualts.php searchuser cross site scripting — Wazifa System 3.5 Low2025-02-12
CVE-2025-1208 code-projects Wazifa System Profile.php cross site scripting — Wazifa System 3.5 Low2025-02-12
CVE-2025-0376 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab 8.7 High2025-02-12
CVE-2024-10322 Brizy – Page Builder <= 2.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Brizy – Page Builder 6.4 Medium2025-02-12
CVE-2025-1196 code-projects Real Estate Property Management System search.php cross site scripting — Real Estate Property Management System 3.5 Low2025-02-12
CVE-2025-1195 code-projects Real Estate Property Management System EditCategory cross site scripting — Real Estate Property Management System 3.5 Low2025-02-12
CVE-2025-0511 Welcart e-Commerce <= 2.11.9 - Unauthenticated Stored Cross-Site Scripting via name Parameter — Welcart e-Commerce 7.2 High2025-02-12

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21551 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.