CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21571

21571 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2024-54257	WordPress tydskrif theme <= 1.1.3 - Reflected Cross Site Scripting (XSS) vulnerability — tydskrif	7.1	High	2024-12-16
CVE-2024-54249	WordPress Advanced Options Editor plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Advanced Options Editor	7.1	High	2024-12-16
CVE-2024-12092	Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x — ENOVIA Collaborative Industry Innovator	8.7	High	2024-12-16
CVE-2024-12091	Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x — ENOVIA Collaborative Industry Innovator	8.7	High	2024-12-16
CVE-2024-12090	Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x — ENOVIA Collaborative Industry Innovator	8.7	High	2024-12-16
CVE-2024-12089	Stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x — ENOVIA Collaborative Industry Innovator	8.7	High	2024-12-16
CVE-2024-54358	WordPress 3D Avatar User Profile plugin <= 1.0.0 - Reflected Cross Site Scripting (XSS) vulnerability — 3D Avatar User Profile	7.1	High	2024-12-16
CVE-2024-54364	WordPress Feedpress Generator plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability — Feedpress Generator	7.1	High	2024-12-16
CVE-2024-54387	WordPress Posts Date Ranges plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability — Posts Date Ranges	7.1	High	2024-12-16
CVE-2024-54390	WordPress TagGator plugin <= 1.54 - Reflected Cross Site Scripting (XSS) vulnerability — TagGator	7.1	High	2024-12-16
CVE-2024-54395	WordPress Increase Sociability plugin <= 1.3.0 - Reflected Cross Site Request Forgery (CSRF) vulnerability — Increase Sociability	7.1	High	2024-12-16
CVE-2024-54403	WordPress Visual Recent Posts plugin <= 1.2.3 - Reflected Cross Site Request Forgery (CSRF) vulnerability — Visual Recent Posts	7.1	High	2024-12-16
CVE-2024-54406	WordPress Comments On Feed plugin <= 1.2.1 - Reflected Cross Site Scripting (XSS) vulnerability — Comments On Feed	7.1	High	2024-12-16
CVE-2024-54422	WordPress Evernote Sync plugin <= 3.0.0 - Reflected Cross Site Scripting (XSS) vulnerability — Evernote Sync	7.1	High	2024-12-16
CVE-2024-54441	WordPress Utech World Time Plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability — Utech World Time	6.5	Medium	2024-12-16
CVE-2024-54360	WordPress Gutensee plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerability — Gutensee	6.5	Medium	2024-12-16
CVE-2024-54442	WordPress Better WP Login Page plugin <= 1.1.2 - Stored Cross Site Scripting (XSS) vulnerability — Better WP Login Page	5.9	Medium	2024-12-16
CVE-2024-54443	WordPress Advanced Data Table For Elementor plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability — Advanced Data Table For Elementor	6.5	Medium	2024-12-16
CVE-2024-56011	WordPress Responsive Google Maps \| by imbaa plugin <= 1.2.5 - Stored Cross Site Scripting (XSS) vulnerability — Responsive Google Maps \| by imbaa	6.5	Medium	2024-12-16
CVE-2024-54424	WordPress Like in Vk.com plugin <= 0.5.2 - CSRF to Stored Cross-Site Scripting vulnerability — Like in Vk.com	7.1	High	2024-12-16
CVE-2024-54437	WordPress jCarousel for WordPress plugin <= 1.0 - CSRF to Stored XSS vulnerability — jCarousel	7.1	High	2024-12-16
CVE-2024-12641	Chunghwa Telecom TenderDocTransfer - Reflected Cross-site Scripting to RCE — TenderDocTransfer	9.6	Critical	2024-12-16
CVE-2024-11720	Frontend Admin by DynamiApps <= 3.24.5 - Unauthenticated Stored Cross-Site Scripting — Frontend Admin by DynamiApps	7.2	High	2024-12-14
CVE-2024-12628	bodi0’s Easy Cache <= 0.8 - Authenticated (Admin+) Stored Cross-Site Scripting — bodi0`s Easy cache	4.4	Medium	2024-12-14
CVE-2024-12446	Post to Pdf <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — PDF Generator for Posts & Pages – Export Any Post Type to PDF	6.4	Medium	2024-12-14
CVE-2024-12422	Import Eventbrite Events <= 1.7.4 - Reflected Cross-Site Scripting — Import Eventbrite Events	6.1	Medium	2024-12-14
CVE-2024-12459	Ganohrs Toggle Shortcode <= 0.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ganohrs Toggle Shortcode	6.4	Medium	2024-12-14
CVE-2024-11752	Eveeno <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Eveeno	6.4	Medium	2024-12-14
CVE-2024-12474	GeoDataSource Country Region DropDown <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — GeoDataSource Country Region DropDown	6.4	Medium	2024-12-14
CVE-2024-10646	Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder	7.2	High	2024-12-14

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21571 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21571