CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21570

21570 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-11974 | Media Library Assistant <= 3.23 - Reflected Cross-Site Scripting via smc_settings_tab, unattachfixit-action, and woofixit-action Parameters — Media Library Assistant | 6.1 | Medium | 2025-01-04 |
| CVE-2024-12701 | WP Smart Import : Import any XML File to WordPress <= 1.1.2 - Reflected Cross-Site Scripting — WP Smart Import : Import any XML File to WordPress | 6.1 | Medium | 2025-01-04 |
| CVE-2024-12047 | WP Compress – Instant Performance & Speed Optimization <= 6.30.03 - Reflected Cross-Site Scripting via custom_server Parameter — WP Compress – Instant Performance & Speed Optimization | 6.1 | Medium | 2025-01-04 |
| CVE-2025-22388 | Optimizely EPiServer.CMS.Core security vulnerability — n/a | 4.8 | - | 2025-01-04 |
| CVE-2025-22383 | Optimizely Configured Commerce security vulnerability — n/a | 6.1 | - | 2025-01-04 |
| CVE-2024-56412 | PhpSpreadsheet vulnerable to bypass of the XSS sanitizer using the javascript protocol and special characters — PhpSpreadsheet | 6.1 | - | 2025-01-03 |
| CVE-2024-56411 | PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header — PhpSpreadsheet | 6.1 | - | 2025-01-03 |
| CVE-2024-56410 | PhpSpreadsheet has Cross-Site Scripting (XSS) vulnerability in custom properties — PhpSpreadsheet | 6.1 | - | 2025-01-03 |
| CVE-2024-56409 | PhpSpreadsheet vulnerable to unauthorized reflected XSS in Currency.php file — PhpSpreadsheet | 6.1 | - | 2025-01-03 |
| CVE-2024-56366 | PhpSpreadsheet vulnerable to unauthorized reflected XSS in the Accounting.php file — PhpSpreadsheet | 6.1 | - | 2025-01-03 |
| CVE-2024-56365 | PhpSpreadsheet vulnerable to unauthorized reflected XSS in the constructor of the Downloader class — PhpSpreadsheet | 6.1 | - | 2025-01-03 |
| CVE-2025-21610 | Trix allows Cross-site Scripting via `javascript:` url in a link — trix | 5.3 | Medium | 2025-01-03 |
| CVE-2024-56408 | PhpSpreadsheet allows unauthorized reflected XSS in `Convert-Online.php` file — PhpSpreadsheet | 6.1 | - | 2025-01-03 |
| CVE-2025-0175 | code-projects Online Shop view.php cross site scripting — Online Shop | 3.5 | Low | 2025-01-03 |
| CVE-2024-56199 | phpMyFAQ Vulnerable to Stored HTML Injection at FAQ — phpMyFAQ | 5.2 | Medium | 2025-01-02 |
| CVE-2024-12907 | XSS in Kentico 7 — Kentico CMS | 6.1 | - | 2025-01-02 |
| CVE-2024-55541 | Acronis Cyber Protect cross-site scripting vulnerability — Acronis Cyber Protect 16 | 5.4 | - | 2025-01-02 |
| CVE-2024-56014 | WordPress Olivia Theme <= 0.9.5 - Reflected Cross Site Scripting (XSS) vulnerability — Olivia | 7.1 | High | 2025-01-02 |
| CVE-2024-56257 | WordPress Coins MarketCap plugin <= 5.5.8 - Cross Site Scripting (XSS) vulnerability — Coins MarketCap | 6.5 | Medium | 2025-01-02 |
| CVE-2024-56268 | WordPress Post Grid Elementor Addon plugin <= 2.0.18 - Cross Site Scripting (XSS) vulnerability — Post Grid Elementor Addon | 6.5 | Medium | 2025-01-02 |
| CVE-2024-56302 | WordPress ConvertCalculator for WordPress plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability — ConvertCalculator for WordPress | 6.5 | Medium | 2025-01-02 |
| CVE-2024-56267 | WordPress Interactive UK Map plugin <= 3.4.8 - CSRF to Stored Cross Site Scripting (XSS) vulnerability — Interactive UK Map | 7.1 | High | 2025-01-02 |
| CVE-2024-56263 | WordPress GS Shots for Dribbble plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability — GS Shots for Dribbble | 6.5 | Medium | 2025-01-02 |
| CVE-2024-56261 | WordPress Project Showcase plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability — Project Showcase | 6.5 | Medium | 2025-01-02 |
| CVE-2024-56262 | WordPress GS Coaches plugin <= 1.1.0 - Cross Site Scripting (XSS) vulnerability — GS Coaches | 6.5 | Medium | 2025-01-02 |
| CVE-2024-56260 | WordPress ShopElement plugin <= 2.0.0 - Stored Cross Site Scripting (XSS) vulnerability — ShopElement | 6.5 | Medium | 2025-01-02 |
| CVE-2024-56258 | WordPress Magazine Blocks plugin <= 1.3.20 - Cross Site Scripting (XSS) vulnerability — Magazine Blocks | 6.5 | Medium | 2025-01-02 |
| CVE-2024-56259 | WordPress GeoDirectory plugin <= 2.3.84 - Cross Site Scripting (XSS) vulnerability — GeoDirectory | 6.5 | Medium | 2025-01-02 |
| CVE-2024-56254 | WordPress Move Addons for Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability — Move Addons for Elementor | 6.5 | Medium | 2025-01-02 |
| CVE-2024-56252 | WordPress Enter Addons plugin <= 2.1.9 - Cross Site Scripting (XSS) vulnerability — Enter Addons | 6.5 | Medium | 2025-01-02 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21570 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.