
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21572

21572 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-12441 | BP Email Assign Templates <= 1.5 - Reflected Cross-Site Scripting — BP Email Assign Templates | 6.1 | Medium | 2024-12-12 |
| CVE-2024-12156 | AI Content Writer, RSS Feed to Post, Autoblogging SEO Help <= 6.1.3 - Reflected Cross-Site Scripting — QC SEO Help for llms.txt, AI Analytics, AI Content Writer, Subtitle to Article | 6.1 | Medium | 2024-12-12 |
| CVE-2024-12162 | Video & Photo Gallery for Ultimate Member <= 1.1.1 - Reflected Cross-Site Scripting — Video & Photo Gallery for Ultimate Member | 6.1 | Medium | 2024-12-12 |
| CVE-2024-11804 | Planaday API <= 11.4 - Reflected Cross-Site Scripting — Planaday API | 6.1 | Medium | 2024-12-12 |
| CVE-2024-11459 | Country Blocker <= 3.2 - Reflected Cross-Site Scripting — Country Blocker | 6.1 | Medium | 2024-12-12 |
| CVE-2024-12463 | Arena.IM – Live Blogging for real-time events <= 0.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via arena_embed_amp Shortcode — Arena.IM – Live Blogging for real-time events | 6.4 | Medium | 2024-12-12 |
| CVE-2024-10182 | Cognito Forms <= 2.0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — Cognito Forms | 6.4 | Medium | 2024-12-12 |
| CVE-2024-11384 | Arena.IM – Live Blogging for real-time events <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Arena.IM – Live Blogging for real-time events | 6.4 | Medium | 2024-12-12 |
| CVE-2024-11410 | Top and footer bars for announcements, notifications, advertisements, promotions – YooBar <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — Yoo Bar – Floating Notification & Promo Bar for Website | 6.4 | Medium | 2024-12-12 |
| CVE-2024-11875 | Add infos to the events calendar <= 1.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Add infos to The Events Calendar | 6.4 | Medium | 2024-12-12 |
| CVE-2024-11891 | Perfect Font Awesome Integration <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Perfect Font Awesome Integration | 6.4 | Medium | 2024-12-12 |
| CVE-2024-11750 | ONLYOFFICE DocSpace <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — ONLYOFFICE DocSpace | 6.4 | Medium | 2024-12-12 |
| CVE-2024-11723 | kvCORE IDX <= 2.3.35 - Reflected Cross-Site Scripting — kvCORE IDX | 6.1 | Medium | 2024-12-12 |
| CVE-2024-11683 | Newsletter Subscriptions <= 2.1 - Reflected Cross-Site Scripting — Newsletter Subscriptions | 6.1 | Medium | 2024-12-12 |
| CVE-2024-12260 | Ultimate Endpoints With Rest Api <= 2.2.2 - Reflected Cross-Site Scripting — Ultimate Endpoints With Rest Api | 6.1 | Medium | 2024-12-12 |
| CVE-2024-12258 | WP Service Payment Form With Authorize.net <= 2.6.3 - Reflected Cross-Site Scripting — WP Service Payment Form With Authorize.net | 6.1 | Medium | 2024-12-12 |
| CVE-2024-12338 | Website Toolbox Community <= 2.0.1 - Reflected Cross-Site Scripting via websitetoolbox_username — Website Toolbox Forum | 6.1 | Medium | 2024-12-12 |
| CVE-2024-11901 | PowerBI Embed Reports <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — PowerBI Embed Reports | 6.4 | Medium | 2024-12-12 |
| CVE-2024-12461 | WP-Revive Adserver <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP-Revive Adserver | 6.4 | Medium | 2024-12-12 |
| CVE-2024-11433 | Surbma \| SalesAutopilot Shortcode <= 2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Surbma \| SalesAutopilot Shortcode | 6.4 | Medium | 2024-12-12 |
| CVE-2024-11427 | Catch Popup <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Catch Popup | 6.4 | Medium | 2024-12-12 |
| CVE-2024-11914 | Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Gutenberg Blocks and Page Layouts – Attire Blocks | 6.4 | Medium | 2024-12-12 |
| CVE-2024-11279 | Schema App Structured Data <= 2.2.4 - Reflected Cross-Site Scripting — Schema App Structured Data | 6.1 | Medium | 2024-12-12 |
| CVE-2024-11413 | HostFact bestelformulier integratie <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — HostFact bestelformulier integratie | 6.4 | Medium | 2024-12-12 |
| CVE-2024-11442 | Horizontal scroll image slideshow <= 10.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Horizontal scroll image slideshow | 6.4 | Medium | 2024-12-12 |
| CVE-2024-12536 | SourceCodester Kortex Lite Advocate Office Management System client_data.php cross site scripting — Kortex Lite Advocate Office Management System | 3.5 | Low | 2024-12-12 |
| CVE-2024-12503 | ClassCMS Model Management Page admin cross site scripting — ClassCMS | 2.4 | Low | 2024-12-12 |
| CVE-2024-53274 | GHSL-2024-111: Reflected XSS in /home in habitica — habatica | 6.1 | - | 2024-12-11 |
| CVE-2024-53273 | GHSL-2024-110: Reflected XSS in /register in habitica — habatica | 6.1 | - | 2024-12-11 |
| CVE-2024-53272 | GHSL-2024-109: Reflected XSS in /login in habitica — habatica | 6.1 | - | 2024-12-11 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21572 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.