
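CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21570

21570 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.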

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-11885 | NinjaTeam Chat for Telegram <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Telegram Chat Widget | 6.4 | Medium | 2024-12-24 |
| CVE-2024-12507 | Optio Dentistry <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Optio Dentistry | 6.4 | Medium | 2024-12-24 |
| CVE-2024-12518 | shMapper by Teplitsa <= 1.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting — ShMapper by Teplitsa | 6.4 | Medium | 2024-12-24 |
| CVE-2024-12710 | WP-Appbox <= 4.5.3 - Reflected Cross-Site Scripting — WP-Appbox | 6.1 | Medium | 2024-12-24 |
| CVE-2024-56364 | Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx — simplexlsx | 5.4 | Medium | 2024-12-23 |
| CVE-2024-11230 | Elementor Header & Footer Builder <= 1.6.46 - Authenticated (Contributor+) Stored Cross-Site Scripting via Page Title Widget — Ultimate Addons for Elementor | 6.4 | Medium | 2024-12-23 |
| CVE-2024-12893 | Portabilis i-Educar Tipo de Usuário Page 2 cross site scripting — i-Educar | 2.4 | Low | 2024-12-22 |
| CVE-2024-12892 | code-projects Online Exam Mastering System sign.php cross site scripting — Online Exam Mastering System | 3.5 | Low | 2024-12-22 |
| CVE-2024-12883 | code-projects Job Recruitment _email.php cross site scripting — Job Recruitment | 4.3 | Medium | 2024-12-21 |
| CVE-2024-12591 | MagicPost <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wb_share_social Shortcode — MagicPost – WordPress文章管理功能增强插件 | 6.4 | Medium | 2024-12-21 |
| CVE-2024-11688 | LaTeX2HTML <= 2.5.5 - Reflected Cross-Site Scripting — LaTeX2HTML | 6.1 | Medium | 2024-12-21 |
| CVE-2024-10453 | Elementor Website Builder – More than Just a Page Builder <= 3.25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Typography Settings — Elementor Website Builder – more than just a page builder | 6.4 | Medium | 2024-12-21 |
| CVE-2024-12408 | WP on AWS <= 5.2.1 - Reflected Cross-Site Scripting — WP on AWS | 6.1 | Medium | 2024-12-21 |
| CVE-2024-12588 | Shortcodes and extra features for Phlox theme <= 2.17.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Staff Widget — Shortcodes and extra features for Phlox theme | 6.4 | Medium | 2024-12-21 |
| CVE-2024-11808 | Pingmeter Uptime Monitoring <= 1.0.3 - Reflected Cross-Site Scripting — Pingmeter Uptime Monitoring | 6.1 | Medium | 2024-12-21 |
| CVE-2024-9545 | Shortcodes and extra features for Phlox theme <= 2.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via aux_contact_box and aux_gmaps Shortcodes — Shortcodes and extra features for Phlox theme | 6.4 | Medium | 2024-12-21 |
| CVE-2024-11682 | G Web Pro Store Locator <= 2.1 - Reflected Cross-Site Scripting — G Web Pro Store Locator | 6.1 | Medium | 2024-12-21 |
| CVE-2024-11975 | Reactflow Visitor Recording and Heatmaps <= 1.0.10 - Reflected Cross-Site Scripting — Reactflow Visitor Recording and Heatmaps | 6.1 | Medium | 2024-12-21 |
| CVE-2024-12697 | real.Kit <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — real.Kit | 6.4 | Medium | 2024-12-21 |
| CVE-2024-11196 | Multi-column Tag Map <= 17.0.33 - Authenticated (Contributor+) Stored Cross-Site Scripting via mctagmap Shortcode — Multi-column Tag Map | 6.4 | Medium | 2024-12-21 |
| CVE-2024-12262 | Ebook Store <= 5.8001 - Reflected Cross-Site Scripting via 'step' — Ebook Store | 6.1 | Medium | 2024-12-21 |
| CVE-2024-11938 | One Click Upsell Funnel for WooCommerce <= 3.4.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via wps_wocuf_pro_yes Shortcode — One Click Upsell Funnel for Woocommerce | 6.4 | Medium | 2024-12-21 |
| CVE-2024-11287 | Ebook Store <= 5.8001 - Reflected Cross-Site Scripting — Ebook Store | 6.1 | Medium | 2024-12-21 |
| CVE-2024-12846 | Emlog Pro link.php cross site scripting — Emlog Pro | 4.3 | Medium | 2024-12-21 |
| CVE-2024-11811 | Feedify – Web Push Notifications <= 2.4.2 - Reflected Cross-Site Scripting — Feedify – Web Push Notifications | 6.1 | Medium | 2024-12-20 |
| CVE-2024-12845 | Emlog Pro common.php cross site scripting — Emlog Pro | 3.5 | Low | 2024-12-20 |
| CVE-2024-12844 | Emlog Pro store.php cross site scripting — Emlog Pro | 4.3 | Medium | 2024-12-20 |
| CVE-2024-12843 | Emlog Pro plugin.php cross site scripting — Emlog Pro | 4.3 | Medium | 2024-12-20 |
| CVE-2024-56359 | Cross-site Scripting vulnerability through HyperLink cells in grist-core — grist-core | 8.1 | High | 2024-12-20 |
| CVE-2024-56358 | Cross-site Scripting vulnerability through svg attachment previews in grist-core — grist-core | 8.1 | High | 2024-12-20 |

21570 CVEs are classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.