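CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.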

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-0530 | code-projects Job Recruitment _feedback_system.php cross site scripting — Job Recruitment | 3.5 | Low | 2025-01-17 |
| CVE-2024-13378 | GravityForms 2.9.0.1 - 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'style_settings' parameter — Gravity Forms | 5.4 | Medium | 2025-01-17 |
| CVE-2024-13377 | GravityForms <= 2.9.1.3 - Unauthenticated Stored Cross-Site Scripting via 'alt' parameter — Gravity Forms | 7.2 | High | 2025-01-17 |
| CVE-2024-12203 | RSS Icon Widget <= 5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting — RSS Icon Widget | 4.4 | Medium | 2025-01-17 |
| CVE-2024-12598 | MyBookProgress by Stormhill Media <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via book Parameter — MyBookProgress by Stormhill Media | 6.4 | Medium | 2025-01-17 |
| CVE-2024-12466 | Proofreading <= 1.2.1.1 - Reflected Cross-Site Scripting — Proofreading | 6.1 | Medium | 2025-01-17 |
| CVE-2024-13386 | quote-posttype-plugin <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — quote-posttype-plugin | 6.4 | Medium | 2025-01-17 |
| CVE-2024-13366 | Sandbox <= 0.4 - Reflected Cross-Site Scripting — Sandbox | 6.1 | Medium | 2025-01-17 |
| CVE-2024-12508 | Glofox Shortcodes <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — Glofox Shortcodes | 6.4 | Medium | 2025-01-17 |
| CVE-2024-13434 | WP Inventory Manager <= 2.3.2 - Reflected Cross-Site Scripting — WP Inventory Manager | 6.1 | Medium | 2025-01-17 |
| CVE-2024-13398 | Checkout for PayPal <= 1.0.32 - Authenticated (Contributor+) Stored Cross-Site Scripting — Checkout for PayPal | 6.4 | Medium | 2025-01-17 |
| CVE-2024-13401 | Payment Button for PayPal <= 1.2.3.35 - Authenticated (Contributor+) Stored Cross-Site Scripting — Payment Button for PayPal | 6.4 | Medium | 2025-01-17 |
| CVE-2024-56144 | Stored XSS-LibreNMS-Display Name 2 in librenms — librenms | 4.6 | Medium | 2025-01-16 |
| CVE-2025-23198 | Stored-XSS-LibreNMS-Display-Name in librenms — librenms | 4.6 | Medium | 2025-01-16 |
| CVE-2025-23199 | Stored XSS-LibreNMS-Ports in librenms — librenms | 4.6 | Medium | 2025-01-16 |
| CVE-2025-23200 | Stored XSS-LibreNMS-Misc Section in librenms — librenms | 4.6 | Medium | 2025-01-16 |
| CVE-2025-23201 | Reflected Cross-site Scripting on error alert in librenms — librenms | 5.4 | Medium | 2025-01-16 |
| CVE-2025-23907 | WordPress SOCIAL.NINJA plugin <= 0.2 - Cross Site Scripting (XSS) vulnerability — SOCIAL.NINJA | 6.5 | Medium | 2025-01-16 |
| CVE-2025-23816 | WordPress Metaphor Widgets plugin <= 2.4 - Stored Cross Site Scripting (XSS) vulnerability — Metaphor Widgets | 6.5 | Medium | 2025-01-16 |
| CVE-2025-23760 | WordPress Chatter plugin <= 1.0.1 - CSRF to Stored XSS vulnerability — Chatter | 7.1 | High | 2025-01-16 |
| CVE-2025-23965 | WordPress Kopa Nictitate Toolkit plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability — Kopa Nictitate Toolkit | 6.5 | Medium | 2025-01-16 |
| CVE-2025-23939 | WordPress Image Switcher plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability — Image Switcher | 6.5 | Medium | 2025-01-16 |
| CVE-2025-23950 | WordPress EZPlayer plugin <= 1.0.10 - Cross Site Scripting (XSS) vulnerability — EZPlayer | 6.5 | Medium | 2025-01-16 |
| CVE-2025-23943 | WordPress PDF.js Shortcode plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability — PDF.js Shortcode | 6.5 | Medium | 2025-01-16 |
| CVE-2025-23946 | WordPress Enhanced YouTube Shortcode plugin <= 2.0.1 - Cross Site Scripting (XSS) vulnerability — Enhanced YouTube Shortcode | 6.5 | Medium | 2025-01-16 |
| CVE-2025-23951 | WordPress Gallery: Hybrid – Advanced Visual Gallery plugin <= 1.4.0.2 - Cross Site Scripting (XSS) vulnerability — Gallery: Hybrid – Advanced Visual Gallery | 6.5 | Medium | 2025-01-16 |
| CVE-2025-23941 | WordPress MeinTurnierplan.de Widget Viewer plugin <= 1.1 - Cross Site Scripting (XSS) vulnerability — MeinTurnierplan.de Widget Viewer | 6.5 | Medium | 2025-01-16 |
| CVE-2025-23947 | WordPress WP-Player plugin <= 2.6.1 - Cross Site Scripting (XSS) vulnerability — WP-Player | 6.5 | Medium | 2025-01-16 |
| CVE-2025-23934 | WordPress Giveaways and Contests by PromoSimple plugin <= 1.24 - Cross Site Scripting (XSS) vulnerability — Giveaways and Contests by PromoSimple | 6.5 | Medium | 2025-01-16 |
| CVE-2025-23940 | WordPress jupdf pdf viewer plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability — Image Switcher | 6.5 | Medium | 2025-01-16 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21551 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.