CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21570

21570 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2021-20553	IBM Sterling B2B Integrator Standard Edition cross-site scripting — Sterling B2B Integrator	5.4	Medium	2024-12-18
CVE-2024-25042	IBM Cognos Analytics cross-site scripting — Cognos Analytics	5.4	Medium	2024-12-18
CVE-2024-49677	WordPress Bootstrap Buttons plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability — Bootstrap Buttons	7.1	High	2024-12-18
CVE-2024-51646	WordPress Saoshyant Element plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability — Saoshyant Element	7.1	High	2024-12-18
CVE-2024-54350	WordPress hmd theme <= 2.0 - Cross Site Scripting (XSS) vulnerability — hmd	7.1	High	2024-12-18
CVE-2024-56010	WordPress Device Detector Plugin <= 4.2.0 - Reflected Cross Site Scripting (XSS) vulnerability — Device Detector	7.1	High	2024-12-18
CVE-2024-56016	WordPress Image Mapper plugin <= 0.2.5.3 - Reflected Cross Site Scripting (XSS) vulnerability — Image Mapper	7.1	High	2024-12-18
CVE-2024-12449	Video Share VOD – Turnkey Video Site Builder Script <= 2.6.30 - Authenticated (Contributor+) Stored Cross-Site Scripting — Video Share VOD – Turnkey Video Site Builder Script	6.4	Medium	2024-12-18
CVE-2024-11254	AMP for WP – Accelerated Mobile Pages <= 1.1.1 - Reflected Cross-Site Scripting — AMP for WP – Accelerated Mobile Pages	6.1	Medium	2024-12-18
CVE-2024-12513	Contests by Rewards Fuel <= 2.0.65 - Authenticated (Contributor+) Stored Cross-Site Scripting — Contests by Rewards Fuel	6.4	Medium	2024-12-18
CVE-2024-11881	Easy Waveform Player <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Easy Waveform Player	6.4	Medium	2024-12-18
CVE-2024-12500	Philantro – Donations and Donor Management <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Philantro – Donations and Donor Management	6.4	Medium	2024-12-18
CVE-2024-11748	Taeggie Feed <= 0.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Taeggie Feed	6.4	Medium	2024-12-18
CVE-2024-11439	ScanCircle <= 2.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — ScanCircle	6.4	Medium	2024-12-18
CVE-2023-37940	Liferay Portal 跨站脚本漏洞 — Portal	4.8	Medium	2024-12-17
CVE-2024-11993	Liferay Portal和Liferay DXP 跨站脚本漏洞 — Portal	6.1	-	2024-12-17
CVE-2024-12395	WooCommerce Additional Fees On Checkout (Free) <= 1.4.7 - Reflected Cross-Site Scripting via 'number' — Additional Fees For WooCommerce Checkout	6.1	Medium	2024-12-17
CVE-2024-12024	EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name — EventPrime – Events Calendar, Bookings and Tickets	7.2	High	2024-12-17
CVE-2024-12469	WP BASE Booking of Appointments, Services and Events <= 4.9.1 - Reflected Cross-Site Scripting via status Parameter — WP BASE Booking of Appointments, Services and Events	6.1	Medium	2024-12-17
CVE-2024-55864	WordPress plugin My WP Customize Admin/Frontend 跨站脚本漏洞 — My WP Customize Admin/Frontend	4.8	-	2024-12-17
CVE-2024-12239	PowerPack Lite for Beaver Builder <= 1.3.0.5 - Reflected Cross-Site Scripting via Navigate Parameter — PowerPack Lite for Beaver Builder	6.1	Medium	2024-12-17
CVE-2024-11905	Animated Counters <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Animated Counters	6.4	Medium	2024-12-16
CVE-2024-11906	TPG Get Posts <= 3.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — TPG Get Posts	6.4	Medium	2024-12-16
CVE-2024-11900	Portfolio – Filterable Masonry Portfolio Gallery for Professionals <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Portfolio – Filterable Masonry Portfolio Gallery for Professionals	6.4	Medium	2024-12-16
CVE-2024-11902	Slope Widgets <= 4.2.12 - Authenticated (Contributor+) Stored Cross-Site Scripting — Slope Widgets	6.4	Medium	2024-12-16
CVE-2024-12443	CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — CRM Perks – WordPress HelpDesk Integration – Zendesk, Freshdesk, HelpScout	6.4	Medium	2024-12-16
CVE-2024-12665	ruifang-tech Rebuild Task Comment Attachment Upload cross site scripting — Rebuild	3.5	Low	2024-12-16
CVE-2024-12664	ruifang-tech Rebuild Project Task Comment cross site scripting — Rebuild	3.5	Low	2024-12-16
CVE-2024-54348	WordPress Brandy theme <= 1.1.6 - Cross Site Scripting (XSS) vulnerability — Brand	6.5	Medium	2024-12-16
CVE-2024-54257	WordPress tydskrif theme <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability — tydskrif	7.1	High	2024-12-16

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21570 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21570