
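CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.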

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12423 | Contact Form 7 Redirect & Thank You Page <= 1.0.7 - Reflected Cross-Site Scripting — Business Essentials for Contact Form 7 | 6.1 | Medium | 2025-01-15 |
| CVE-2024-12403 | Image Gallery – Responsive Photo Gallery <= 1.0.5 - Reflected Cross-Site Scripting — Awesome Responsive Photo Gallery – Image & Video Lightbox Gallery | 6.1 | Medium | 2025-01-15 |
| CVE-2025-0354 | NEC Aterm multiple products cross-site scripting vulnerability — WG2600HS | 4.8 | Medium | 2025-01-15 |
| CVE-2024-11870 | Event Registration Calendar By vcita <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Event Registration Calendar By vcita | 6.4 | Medium | 2025-01-15 |
| CVE-2024-13394 | ViewMedica 9 <= 1.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting — ViewMedica 9 | 6.4 | Medium | 2025-01-15 |
| CVE-2024-13334 | Car Demon <= 1.8.1 - Reflected Cross-Site Scripting — Car Demon | 6.1 | Medium | 2025-01-15 |
| CVE-2024-53277 | Cross-site Scripting in form messages in silverstripe framework — silverstripe-framework | 5.4 | Medium | 2025-01-14 |
| CVE-2024-47605 | Cross-site Scripting via insert media remote file oembed in silverstripe-asset-admin — silverstripe-asset-admin | 5.4 | Medium | 2025-01-14 |
| CVE-2024-54142 | Cross-site Scripting via Discourse-ai SharedAiConversation onebox in Discourse — discourse-ai | 9.1 | Critical | 2025-01-14 |
| CVE-2025-23072 | XSS in Special:RefreshSpecial — Mediawiki - RefreshSpecial Extension | 6.1 | - | 2025-01-14 |
| CVE-2025-21393 | Microsoft SharePoint Server Spoofing Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 6.3 | Medium | 2025-01-14 |
| CVE-2025-23366 | Org.jboss.hal:hal-console: wildfly hal console cross-site scripting | 6.5 | Medium | 2025-01-14 |
| CVE-2025-0464 | SourceCodester Task Reminder System Maintenance Section cross site scripting — Task Reminder System | 2.4 | Low | 2025-01-14 |
| CVE-2025-23080 | XSSes in Special:BadgeView — Mediawiki - OpenBadges Extension | 6.1 | - | 2025-01-14 |
| CVE-2025-0458 | Virtual Computer Vysual RH Solution Login Panel index.php cross site scripting — Vysual RH Solution | 4.3 | Medium | 2025-01-14 |
| CVE-2024-48893 | Fortinet FortiSOAR cross-site scripting vulnerability — FortiSOAR | 6.4 | Medium | 2025-01-14 |
| CVE-2024-12240 | Page Builder by SiteOrigin <= 2.31.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Row Label Parameter — Page Builder by SiteOrigin | 6.4 | Medium | 2025-01-14 |
| CVE-2024-45385 | Siemens Industrial Edge Management OS cross-site scripting vulnerability — Industrial Edge Management OS (IEM-OS) | 4.7 | Medium | 2025-01-14 |
| CVE-2024-13156 | HTML5 Video Player – mp4 Video Player Plugin and Block <= 2.5.35 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via heading Parameter — HTML5 Video Player – Embed and Play Videos in Custom Player | 6.4 | Medium | 2025-01-14 |
| CVE-2024-13323 | Booking Calendar <= 10.9.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via 'booking' Shortcode — Booking Calendar | 6.4 | Medium | 2025-01-14 |
| CVE-2025-23038 | Cross-Site Scripting (XSS) Stored endpoint 'remuneracao.php ' parameter 'descricao' in WeGIA — WeGIA | 5.4 | - | 2025-01-13 |
| CVE-2025-23030 | Cross-Site Scripting (XSS) Reflected endpoint 'cadastro_funcionario.php' parameter 'cpf' in WeGIA — WeGIA | 6.1 | - | 2025-01-13 |
| CVE-2025-23031 | Cross-Site Scripting (XSS) Stored endpoint 'adicionar_alergia.php' parameter 'nome' in WeGIA — WeGIA | 5.4 | - | 2025-01-13 |
| CVE-2025-23032 | Cross-Site Scripting (XSS) Stored endpoint 'adicionar_escala.php' parameter 'escala' in WeGIA — WeGIA | 5.4 | - | 2025-01-13 |
| CVE-2025-23033 | Cross-Site Scripting (XSS) Stored endpoint 'adicionar_situacao.php' parameter 'situacao' in WeGIA — WeGIA | 5.4 | - | 2025-01-13 |
| CVE-2025-23034 | Cross-Site Scripting (XSS) Reflected endpoint 'tags.php' parameter 'msg_e' in WeGIA — WeGIA | 6.1 | - | 2025-01-13 |
| CVE-2025-23035 | Cross-Site Scripting (XSS) Stored endpoint 'adicionar_tipo_quadro_horario.php' parameter 'tipo' in WeGIA — WeGIA | 5.4 | - | 2025-01-13 |
| CVE-2025-23036 | Cross-Site Scripting (XSS) Reflected endpoint 'pre_cadastro_funcionario.php' parameter 'msg_e' in WeGIA — WeGIA | 6.1 | - | 2025-01-13 |
| CVE-2025-23037 | Cross-Site Scripting (XSS) Stored endpoint 'control.php' parameter 'cargo' in WeGIA — WeGIA | 5.4 | - | 2025-01-13 |
| CVE-2025-22613 | WeGIA Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao' — WeGIA | 5.4 | - | 2025-01-13 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21551 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.