Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21553

21553 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-12153 GDY Modular Content <= 0.9.92 - Reflected Cross-Site Scripting — GDY Modular Content 6.1 Medium2025-01-07
CVE-2024-11363 Same but Different – Related Posts by Taxonomy <= 1.0.16 - Reflected Cross-Site Scripting — Same but Different – Related Posts by Taxonomy 6.1 Medium2025-01-07
CVE-2024-12453 Uptodown APK Download Widget <= 0.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting — Uptodown APK Download Widget 6.4 Medium2025-01-07
CVE-2024-12457 Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Chat Support for Viber – Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode 6.4 Medium2025-01-07
CVE-2024-12207 Toggles Shortcode and Widget <= 1.14 - Authenticated (Administrator+) Stored Cross-Site Scripting — Toggles Shortcode and Widget 4.4 Medium2025-01-07
CVE-2024-11337 Horoscope And Tarot <= 1.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Divine Astro 6.4 Medium2025-01-07
CVE-2024-12290 Infility Global <= 2.9.8 - Reflected Cross-Site Scripting via set_type Parameter — Infility Global 6.1 Medium2025-01-07
CVE-2024-11445 Image Magnify <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Image Magnify 6.4 Medium2025-01-07
CVE-2024-11378 Bizapp for WooCommerce <= 2.0.8 - Reflected Cross-Site Scripting — Bizapp for WooCommerce 6.1 Medium2025-01-07
CVE-2024-11375 WC1C <= 0.23.0 - Reflected Cross-Site Scripting — WC1C 6.1 Medium2025-01-07
CVE-2024-12126 SEO Keywords <= 1.1.3 - Reflected Cross-Site Scripting via google_error Parameter — SEO Keywords 6.1 Medium2025-01-07
CVE-2024-11690 Financial Stocks & Crypto Market Data Plugin <= 1.10.3 - Reflected Cross-Site Scripting — Financial Stocks & Crypto Market Data Plugin 6.1 Medium2025-01-07
CVE-2024-12214 WooCommerce HSS Extension for Streaming Video <= 3.31 - Reflected Cross-Site Scripting via videolink Parameter — WooCommerce HSS Extension for Streaming Video 6.1 Medium2025-01-07
CVE-2024-12462 YOGO Booking <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — YOGO Booking 6.4 Medium2025-01-07
CVE-2024-11338 PIXNET Plugin <= 2.9.10 - Authenticated (Subscriber+) Stored Cross-Site Scripting — PIXNET Plugin 6.4 Medium2025-01-07
CVE-2024-11434 WP – Bulk SMS – by SMS.to <= 1.0.12 - Reflected Cross-Site Scripting — WP – Bulk SMS – by SMS.to 6.1 Medium2025-01-07
CVE-2024-12049 Woo Ukrposhta <= 1.17.11 - Reflected Cross-Site Scripting via order, post, and idd Parameters — Ukrposhta 6.1 Medium2025-01-07
CVE-2024-11383 CC Canadian Mortgage Calculator <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — CC Canadian Mortgage Calculator 6.4 Medium2025-01-07
CVE-2024-11899 Slider Pro Lite <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Slider Pro Lite 6.4 Medium2025-01-07
CVE-2024-12098 ARS Affiliate Page Plugin <= 2.0.2 - Reflected Cross-Site Scripting — ARS Affiliate Page Plugin 6.1 Medium2025-01-07
CVE-2024-12592 Sellsy <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Sellsy 6.4 Medium2025-01-07
CVE-2024-11777 Sell Media <= 2.5.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Sell Media 6.4 Medium2025-01-07
CVE-2024-12528 WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress 6.4 Medium2025-01-07
CVE-2024-11934 Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce 6.4 Medium2025-01-07
CVE-2024-12590 WP Youtube Gallery <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — WP Youtube Gallery 6.4 Medium2025-01-07
CVE-2025-21616 Plane has a Cross-site scripting (XSS) via SVG image upload — plane 5.4 Medium2025-01-06
CVE-2024-31914 IBM Sterling B2B Integrator cross-site scripting — Sterling B2B Integrator Standard Edition 6.4 Medium2025-01-06
CVE-2024-31913 IBM Sterling B2B Integrator cross-site scripting — Sterling B2B Integrator Standard Edition 5.5 Medium2025-01-06
CVE-2025-21612 Cross-site Scripting in TabberTransclude in Extension:TabberNeue — mediawiki-extensions-TabberNeue 8.6 High2025-01-06
CVE-2024-55074 Grocy 安全漏洞 — Grocy 8.8 High2025-01-06

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21553 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.