CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21570

21570 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12462 | YOGO Booking <= 1.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — YOGO Booking | 6.4 | Medium | 2025-01-07 |
| CVE-2024-11338 | PIXNET Plugin <= 2.9.10 - Authenticated (Subscriber+) Stored Cross-Site Scripting — PIXNET Plugin | 6.4 | Medium | 2025-01-07 |
| CVE-2024-11434 | WP – Bulk SMS – by SMS.to <= 1.0.12 - Reflected Cross-Site Scripting — WP – Bulk SMS – by SMS.to | 6.1 | Medium | 2025-01-07 |
| CVE-2024-12049 | Woo Ukrposhta <= 1.17.11 - Reflected Cross-Site Scripting via order, post, and idd Parameters — Ukrposhta | 6.1 | Medium | 2025-01-07 |
| CVE-2024-11383 | CC Canadian Mortgage Calculator <= 2.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — CC Canadian Mortgage Calculator | 6.4 | Medium | 2025-01-07 |
| CVE-2024-11899 | Slider Pro Lite <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Slider Pro Lite | 6.4 | Medium | 2025-01-07 |
| CVE-2024-12098 | ARS Affiliate Page Plugin <= 2.0.2 - Reflected Cross-Site Scripting — ARS Affiliate Page Plugin | 6.1 | Medium | 2025-01-07 |
| CVE-2024-12592 | Sellsy <= 2.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Sellsy | 6.4 | Medium | 2025-01-07 |
| CVE-2024-11777 | Sell Media <= 2.5.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Sell Media | 6.4 | Medium | 2025-01-07 |
| CVE-2024-12528 | WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress <= 1.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — WordPress Survey & Poll – Quiz, Survey and Poll Plugin for WordPress | 6.4 | Medium | 2025-01-07 |
| CVE-2024-11934 | Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce <= 2.1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce | 6.4 | Medium | 2025-01-07 |
| CVE-2024-12590 | WP Youtube Gallery <= 1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — WP Youtube Gallery | 6.4 | Medium | 2025-01-07 |
| CVE-2025-21616 | Plane has a Cross-site scripting (XSS) via SVG image upload — plane | 5.4 | Medium | 2025-01-06 |
| CVE-2024-31914 | IBM Sterling B2B Integrator cross-site scripting — Sterling B2B Integrator Standard Edition | 6.4 | Medium | 2025-01-06 |
| CVE-2024-31913 | IBM Sterling B2B Integrator cross-site scripting — Sterling B2B Integrator Standard Edition | 5.5 | Medium | 2025-01-06 |
| CVE-2025-21612 | Cross-site Scripting in TabberTransclude in Extension:TabberNeue — mediawiki-extensions-TabberNeue | 8.6 | High | 2025-01-06 |
| CVE-2024-55074 | Grocy security vulnerability — Grocy | 8.8 | High | 2025-01-06 |
| CVE-2024-13143 | ZeroWdd studentmanager PermissionController.java submitAddPermission cross site scripting — studentmanager | 2.4 | Low | 2025-01-05 |
| CVE-2024-13142 | ZeroWdd studentmanager RoleController.java submitAddRole cross site scripting — studentmanager | 2.4 | Low | 2025-01-05 |
| CVE-2025-0228 | code-projects Local Storage Todo App index.html cross site scripting — Local Storage Todo App | 2.4 | Low | 2025-01-05 |
| CVE-2024-13141 | osuuu LightPicture SVG File Upload upload cross site scripting — LightPicture | 3.5 | Low | 2025-01-05 |
| CVE-2025-0220 | Trimble SPS851 Ethernet Configuration Menu cross site scripting — SPS851 | 2.4 | Low | 2025-01-05 |
| CVE-2024-13140 | Emlog Pro Cover Upload article.php cross site scripting — Emlog Pro | 3.5 | Low | 2025-01-05 |
| CVE-2024-13137 | wangl1989 mysiteforme SiteController RestResponse cross site scripting — mysiteforme | 2.4 | Low | 2025-01-05 |
| CVE-2024-13135 | Emlog Pro Subpage twitter.php cross site scripting — Emlog Pro | 3.5 | Low | 2025-01-05 |
| CVE-2025-0219 | Trimble SPS851 Receiver Status Identity Tab cross site scripting — SPS851 | 2.4 | Low | 2025-01-05 |
| CVE-2024-13132 | Emlog Pro Subpage article.php cross site scripting — Emlog Pro | 3.5 | Low | 2025-01-05 |
| CVE-2024-12475 | WP Multi Store Locator <= 2.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Multistore Locator — WP Store Locator Plugin: Effortless Integration With Snazzy Maps | 6.4 | Medium | 2025-01-04 |
| CVE-2024-12221 | Turnkey bbPress by WeaverTheme <= 1.6.3 - Reflected Cross-Site Scripting via _wpnonce Parameter — Turnkey bbPress by WeaverTheme | 6.1 | Medium | 2025-01-04 |
| CVE-2024-11930 | Taskbuilder – WordPress Project & Task Management plugin <= 3.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via wppm_tasks Shortcode — Taskbuilder – Project Management & Task Management Tool With Kanban Board | 6.4 | Medium | 2025-01-04 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21570 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.