CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21572

21572 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-10646 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.2.6 - Unauthenticated Stored Cross-Site Scripting via Form Subject — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | 7.2 | High | 2024-12-14 |
| CVE-2024-12501 | Simple Locator <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Simple Locator | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11884 | Wp photo text slider 50 <= 8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Wp photo text slider 50 | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11888 | IDer Login for WordPress <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — IDer Login for WordPress | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11869 | Buk for WordPress <= 1.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Buk for WordPress | 6.4 | Medium | 2024-12-14 |
| CVE-2024-12502 | My IDX Home Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — My IDX Home Search | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11877 | Cricket Live Score <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Cricket Live Score | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11855 | Koalendar – Events & Appointments Booking Calendar <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via height Parameter — Koalendar – Easy Appointment Scheduling & Booking Plugin | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11894 | The Permalinker <= 1.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — The Permalinker | 6.4 | Medium | 2024-12-14 |
| CVE-2024-12458 | Smart PopUp Blaster <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Smart PopUp Blaster | 6.4 | Medium | 2024-12-14 |
| CVE-2024-12523 | States Map US <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — States Map US | 6.4 | Medium | 2024-12-14 |
| CVE-2024-12448 | Posts and Products Views for WooCommerce <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Posts and Products Views for WooCommerce | 6.4 | Medium | 2024-12-14 |
| CVE-2024-12411 | WP Ad Guru – Banner ad, Responsive popup, Popup maker, Ad rotator & More <= 2.5.4 - Reflected Cross-Site Scripting — WP Ad Guru – Banner ad, Responsive popup, Popup maker, Ad rotator & More | 6.1 | Medium | 2024-12-14 |
| CVE-2024-11883 | Connatix Video Embed <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Connatix Video Embed | 6.4 | Medium | 2024-12-14 |
| CVE-2024-12517 | WooCommerce Cart Count Shortcode <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — WooCommerce Cart Count Shortcode | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11462 | Filestack Official <= 2.1.0 - Reflected Cross-Site Scripting — Filestack WP Upload | 6.1 | Medium | 2024-12-14 |
| CVE-2024-11763 | Plezi <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — Plezi | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11095 | Visualmodo Elements <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Visualmodo Elements | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11876 | Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11770 | Post Carousel & Slider <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Post Carousel & Slider | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11759 | Bukza <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Bukza | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11751 | TCBD Popover <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — TCBD Popover | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11755 | IMS Countdown <= 1.3.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — IMS Countdown | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11867 | Companion Portfolio – Responsive Portfolio Plugin <= 2.4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Companion Portfolio – Responsive Portfolio Plugin | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11865 | Tabs Maker <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Tabs Maker | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11889 | My IDX Home Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — My IDX Home Search | 6.4 | Medium | 2024-12-14 |
| CVE-2024-11873 | glomex oEmbed <= 0.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — glomex oEmbed | 6.4 | Medium | 2024-12-14 |
| CVE-2024-55890 | D-Tale allows Remote Code Execution through the Custom Filter Input — dtale | 9.8 | - | 2024-12-13 |
| CVE-2024-54139 | Combodo iTop vulnerable to XSS leading to CSRF breach on _table_id parameter — iTop | 7.9 | High | 2024-12-13 |
| CVE-2024-54347 | WordPress FloristPress plugin <= 7.2.0 - Reflected Cross Site Scripting (XSS) vulnerability — FloristPress | 7.1 | High | 2024-12-13 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21572 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.