
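CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.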

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-13566 | WP DataTable <= 0.2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — WP DataTable | 6.4 | Medium | 2025-01-31 |
| CVE-2024-13504 | Shared Files – Frontend File Upload Form & Secure File Sharing <= 1.7.42 - Limited Unauthenticated Stored Cross-Site Scripting via File Upload — Shared Files – Frontend File Upload Form & Secure File Sharing | 7.2 | High | 2025-01-31 |
| CVE-2024-11886 | Contact Form and Calls To Action by vcita <= 2.7.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Contact Form and Calls To Action by vcita | 6.4 | Medium | 2025-01-31 |
| CVE-2025-0809 | Link Fixer <= 3.4 - Unauthenticated Stored Cross-Site Scripting — Link Fixer | 7.2 | High | 2025-01-31 |
| CVE-2024-10867 | Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg <= 1.6.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload — Borderless – Addons and Templates for Elementor | 5.4 | Medium | 2025-01-31 |
| CVE-2025-0507 | Ticketmeo – Sell Tickets – Event Ticketing <= 2.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ticketmeo – Sell Tickets – Event Ticketing | 6.4 | Medium | 2025-01-31 |
| CVE-2025-0470 | Forminator <= 1.38.2 - Reflected Cross-Site Scripting via Title Parameter — Forminator Forms – Contact Form, Payment Form & Custom Form Builder | 6.1 | Medium | 2025-01-31 |
| CVE-2024-13463 | SeatReg <= 1.56.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — SeatReg | 6.4 | Medium | 2025-01-31 |
| CVE-2024-13397 | WPRadio – WordPress Radio Streaming Plugin <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — WPRadio – WordPress Radio Streaming Plugin | 6.4 | Medium | 2025-01-31 |
| CVE-2024-13396 | Frictionless <= 0.0.23 - Authenticated (Contributor+) Stored Cross-Site Scripting — Frictionless | 6.4 | Medium | 2025-01-31 |
| CVE-2024-13399 | Gosign – Posts Slider Block <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gosign – Posts Slider Block | 6.4 | Medium | 2025-01-31 |
| CVE-2025-0871 | Maybecms Add Article index.php cross site scripting — Maybecms | 3.5 | Low | 2025-01-30 |
| CVE-2024-13349 | Stockdio Historical Chart <= 2.8.18 - Authenticated (Contributor+) Stored Cross-Site Scripting — Stockdio Historical Chart | 6.4 | Medium | 2025-01-30 |
| CVE-2024-13400 | Kona Gallery Block <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Kona Gallery Block | 6.4 | Medium | 2025-01-30 |
| CVE-2024-10847 | Storely <= 18 - Authenticated (Contributor+) Stored Cross-Site Scripting — Storely | 6.4 | Medium | 2025-01-30 |
| CVE-2024-13664 | WP Post List Table <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Post List Table | 6.4 | Medium | 2025-01-30 |
| CVE-2024-12299 | System Dashboard <= 2.8.17 - Reflected Cross-Site Scripting via Filename Parameter — System Dashboard | 6.1 | Medium | 2025-01-30 |
| CVE-2024-12451 | HTML5 chat <= 1.07 - Authenticated (Contributor+) Stored Cross-Site Scripting — HTML5 Chat | 6.4 | Medium | 2025-01-30 |
| CVE-2024-12177 | Ai Image Alt Text Generator for WP <= 1.0.6 - Reflected Cross-Site Scripting — Ai Image Alt Text Generator for WP | 6.1 | Medium | 2025-01-30 |
| CVE-2024-13670 | Music Sheet Viewer <= 4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Music Sheet Viewer | 6.4 | Medium | 2025-01-30 |
| CVE-2024-12320 | Team Rosters <= 4.7 - Reflected Cross-Site Scripting via 'tab' — Team Rosters | 6.1 | Medium | 2025-01-30 |
| CVE-2024-13549 | All Bootstrap Blocks <= 1.3.26 - Authenticated (Contributor+) Stored Cross-Site Scripting — All Bootstrap Blocks | 6.4 | Medium | 2025-01-30 |
| CVE-2024-13460 | WE – Testimonial Slider <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — WE – Testimonial Slider | 6.4 | Medium | 2025-01-30 |
| CVE-2024-13705 | StageShow <= 9.8.6 - Reflected Cross-Site Scripting — StageShow | 6.1 | Medium | 2025-01-30 |
| CVE-2024-12444 | WP Dispensary <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Dispensary | 6.4 | Medium | 2025-01-30 |
| CVE-2024-13661 | Table Editor <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Table Editor | 6.4 | Medium | 2025-01-30 |
| CVE-2024-13700 | Embed Swagger UI <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Embed Swagger UI | 6.4 | Medium | 2025-01-30 |
| CVE-2025-0869 | Cianet ONU GW24AC Login cross site scripting — ONU GW24AC | 4.3 | Medium | 2025-01-30 |
| CVE-2024-13466 | Automatically Hierarchic Categories in Menu <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Automatically Hierarchic Categories in Menu | 6.4 | Medium | 2025-01-30 |
| CVE-2024-13380 | Alex Reservations: Smart Restaurant Booking <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Alex Reservations: Smart Restaurant Booking | 6.4 | Medium | 2025-01-30 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21551 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.