CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-49785	IBM watsonx.ai cross-site scripting — watsonx.ai	5.4	Medium	2025-01-12
CVE-2024-12407	Push Notification for Post and BuddyPress <= 2.07 - Reflected Cross-Site Scripting — Push Notification for Post and BuddyPress	6.1	Medium	2025-01-11
CVE-2024-11386	GatorMail SmartForms <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — GatorMail SmartForms	6.4	Medium	2025-01-11
CVE-2024-12527	Perfect Portal Widgets <= 3.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Perfect Portal Widgets	6.4	Medium	2025-01-11
CVE-2024-11892	Accordion Slider Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Accordion Slider Lite	6.4	Medium	2025-01-11
CVE-2024-12412	Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration – WpRently \| WordPress plugin <= 2.2.1 - Reflected Cross-Site Scripting — Booking and Rental Manager for Bike \| Car \| Resort \| Appointment \| Dress \| Equipment	6.1	Medium	2025-01-11
CVE-2024-12520	Dominion – Domain Checker for WPBakery <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Dominion – Domain Checker for WPBakery	6.4	Medium	2025-01-11
CVE-2024-12519	TCBD Auto Refresher <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — TCBD Auto Refresher	6.4	Medium	2025-01-11
CVE-2024-11874	Grid Accordion Lite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Grid Accordion Lite	6.4	Medium	2025-01-11
CVE-2024-11758	WP SPID Italia <= 2.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP SPID Italia	6.4	Medium	2025-01-11
CVE-2024-12304	Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.4.2 - Authenticated (contributor+) Stored Cross-Site Scripting via Button Link — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor	6.4	Medium	2025-01-11
CVE-2025-0104	Expedition: Cross-Site Scripting (XSS) Vulnerability — Cloud NGFW	6.1	-	2025-01-11
CVE-2024-12505	Trackserver <= 5.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Trackserver	6.4	Medium	2025-01-11
CVE-2024-11327	ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages <= 2.4.1 - Reflected Cross-Site Scripting — ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages	6.1	Medium	2025-01-11
CVE-2025-23079	XSSes in Extension:ArticleFeedbackv5 — Mediawiki - ArticleFeedbackv5 extension	6.1	-	2025-01-10
CVE-2025-23078	XSS in BreadCrumbs2 — Mediawiki - Breadcrumbs2 extension	6.1	-	2025-01-10
CVE-2025-22600	WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint `configuracao_doacao.php` parameter `avulso` — WeGIA	6.1	-	2025-01-10
CVE-2025-22599	WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint `home.php` parameter `msg_c` — WeGIA	6.1	-	2025-01-10
CVE-2025-22598	WeGIA has a Cross-Site Scripting (XSS) Stored endpoint 'cadastrarSocio.php' parameter 'nome' — WeGIA	8.3	High	2025-01-10
CVE-2025-22597	WeGIA has a Cross-Site Scripting (XSS) Stored endpoint 'CobrancaController.php' parameter 'local_recepcao' — WeGIA	8.3	High	2025-01-10
CVE-2025-22596	WeGIA has a Cross-Site Scripting (XSS) Reflected endpoint 'modulos_visiveis.php' parameter'msg_c' — WeGIA	6.1	-	2025-01-10
CVE-2024-13183	Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via title_tag Parameter — Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More	6.4	Medium	2025-01-10
CVE-2025-0311	Orbit Fox by ThemeIsle <= 2.10.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget — Orbit Fox: Duplicate Page, Menu Icons, SVG Support, Cookie Notice, Custom Fonts & More	6.4	Medium	2025-01-10
CVE-2025-23111	REDCap 安全漏洞 — REDCap	4.7	Medium	2025-01-10
CVE-2025-23112	REDCap 安全漏洞 — REDCap	6.1	Medium	2025-01-10
CVE-2025-23110	REDCap 安全漏洞 — REDCap	6.1	Medium	2025-01-10
CVE-2024-13308	Browser Back Button - Moderately critical - Cross site scripting - SA-CONTRIB-2024-072 — Browser Back Button	6.1	-	2025-01-09
CVE-2024-13305	Entity Form Steps - Moderately critical - Cross site scripting - SA-CONTRIB-2024-071 — Entity Form Steps	6.1	-	2025-01-09
CVE-2024-13301	OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client) - Critical - Cross Site Scripting - SA-CONTRIB-2024-067 — OAuth & OpenID Connect Single Sign On – SSO (OAuth/OIDC Client)	6.1	-	2025-01-09
CVE-2024-13298	Tarte au Citron - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-064 — Tarte au Citron	6.1	-	2025-01-09

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21551 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21551