
CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-0450 | Betheme <= 27.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS — Betheme | 6.4 | Medium | 2025-01-21 |
| CVE-2024-13404 | Link Library <= 7.7.2 - Reflected Cross-Site Scripting — Link Library | 6.1 | Medium | 2025-01-21 |
| CVE-2025-0371 | Jet Elements <= 2.7.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — JetElements | 6.4 | Medium | 2025-01-21 |
| CVE-2025-22131 | Cross-Site Scripting (XSS) vulnerability in generateNavigation() function — PhpSpreadsheet | 6.1 | - | 2025-01-20 |
| CVE-2025-0581 | CampCodes School Management Software Chat History send cross site scripting — School Management Software | 3.5 | Low | 2025-01-20 |
| CVE-2025-0583 | aEnrich Technology a+HRD - Reflected Cross-site Scripting(XSS) — a+HRD | 6.1 | Medium | 2025-01-20 |
| CVE-2025-0578 | Facile Sistemas Cloud Apps Password Reset forgotpassword cross site scripting — Cloud Apps | 3.5 | Low | 2025-01-20 |
| CVE-2025-0576 | Mobotix M15 player cross site scripting — M15 | 4.3 | Medium | 2025-01-19 |
| CVE-2024-8722 | WP All Import Pro <= 4.9.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload — WP All Import Pro | 5.5 | Medium | 2025-01-19 |
| CVE-2025-0560 | CampCodes School Management Software Photo Gallery Page photo-gallery cross site scripting — School Management Software | 2.4 | Low | 2025-01-18 |
| CVE-2025-0559 | Campcodes School Management Software Create Id Card Page create-id-card cross site scripting — School Management Software | 2.4 | Low | 2025-01-18 |
| CVE-2025-0557 | Hyland Alfresco Community Edition URL s cross site scripting — Alfresco Community Edition | 4.3 | Medium | 2025-01-18 |
| CVE-2024-13392 | Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings <= 1.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Rate Star Review Vote – AJAX Reviews, Votes, Star Ratings | 6.4 | Medium | 2025-01-18 |
| CVE-2024-13393 | Video Share VOD – Turnkey Video Site Builder Script <= 2.6.31 - Authenticated (Contributor+) Stored Cross-Site Scripting — Video Share VOD – Turnkey Video Site Builder Script | 6.4 | Medium | 2025-01-18 |
| CVE-2024-13433 | Utilities for MTG <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Utilities for MTG | 6.4 | Medium | 2025-01-18 |
| CVE-2025-0369 | Jet Engine <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via list_tag Parameter — JetEngine | 6.4 | Medium | 2025-01-18 |
| CVE-2024-12696 | Picture Gallery – Frontend Image Uploads, AJAX Photo List <= 1.5.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via videowhisper_picture_upload_guest Shortcode — Picture Gallery – Frontend Image Uploads, AJAX Photo List | 6.4 | Medium | 2025-01-18 |
| CVE-2024-13385 | JSM Screenshot Machine Shortcode <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — JSM Screenshot Machine Shortcode | 6.4 | Medium | 2025-01-18 |
| CVE-2024-13517 | Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) <= 3.3.2 - Authenticated (Admin+) Stored Cross-Site Scripting via Title — Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 4.4 | Medium | 2025-01-18 |
| CVE-2024-13519 | MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution <= 1.9.80 - Authenticated (Shop Manager+) Stored Cross-Site Scripting — MarketKing — Ultimate WooCommerce Multivendor Marketplace Solution | 4.4 | Medium | 2025-01-18 |
| CVE-2024-13391 | MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet <= 2.9.29 - Authenticated (Contributor+) Stored Cross-Site Scripting — MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet | 6.4 | Medium | 2025-01-18 |
| CVE-2024-13516 | Kubio AI Page Builder <= 2.3.5 - Reflected Cross-Site Scripting — Kubio AI Page Builder | 6.1 | Medium | 2025-01-18 |
| CVE-2024-13515 | Image Source Control Lite – Show Image Credits and Captions <= 2.28.0 - Reflected Cross-Site Scripting — Image Source Control Lite – Show Image Credits and Captions | 6.1 | Medium | 2025-01-18 |
| CVE-2025-0554 | Podlove Podcast Publisher <= 4.1.25 - Authenticated (Admin+) Stored Cross-Site Scripting via Feed Name — Podlove Podcast Publisher | 4.4 | Medium | 2025-01-18 |
| CVE-2025-0538 | code-projects Tourism Management System manage-pages.php cross site scripting — Tourism Management System | 3.5 | Low | 2025-01-17 |
| CVE-2025-23039 | Cross Site Scripting on URL decode Tooltip in Caido — caido | 5.2 | Medium | 2025-01-17 |
| CVE-2025-0537 | code-projects Car Rental Management System manage-pages.php cross site scripting — Car Rental Management System | 2.4 | Low | 2025-01-17 |
| CVE-2024-26154 | ETIC Telecom Remote Access Server (RAS) Cross-site Scripting — Remote Access Server (RAS) | 4.8 | Medium | 2025-01-17 |
| CVE-2024-26157 | ETIC Telecom Remote Access Server (RAS) Cross-site Scripting — Remote Access Server (RAS) | 6.1 | Medium | 2025-01-17 |
| CVE-2024-26156 | ETIC Telecom Remote Access Server (RAS) Cross-site Scripting — Remote Access Server (RAS) | 4.8 | Medium | 2025-01-17 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21551 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.