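CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21572

21572 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.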

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-54219 | WordPress AIO Contact plugin <= 2.8.1 - Unauthenticated Site-Wide Cross Site Scripting (XSS) vulnerability — AIO Contact | 7.1 | High | 2024-12-09 |
| CVE-2024-54220 | WordPress FAT Services Booking plugin <= 5.6 - Subscriber+ Site-Wide Cross Site Scripting (XSS) vulnerability — FAT Services Booking | 7.1 | High | 2024-12-09 |
| CVE-2024-54247 | WordPress ABCBiz Addons and Templates for Elementor plugin <= 2.0.2 - Stored Cross Site Scripting (XSS) vulnerability — ABCBiz Addons and Templates for Elementor | 6.5 | Medium | 2024-12-09 |
| CVE-2024-54253 | WordPress Xpro Addons For Elementor plugin <= 1.4.6.5 - Cross Site Scripting (XSS) vulnerability — Xpro Elementor Addons | 6.5 | Medium | 2024-12-09 |
| CVE-2024-54224 | WordPress ElementsReady Addons for Elementor plugin <= 6.4.7 - Cross Site Scripting (XSS) vulnerability — ElementsReady Addons for Elementor | 6.5 | Medium | 2024-12-09 |
| CVE-2024-54230 | WordPress Unlock Addons for Elementor plugin <= 2.2.4 - Cross Site Scripting (XSS) vulnerability — Unlock Addons for Elementor | 6.5 | Medium | 2024-12-09 |
| CVE-2024-54228 | WordPress Wot Elementor Widgets plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability — Wot Elementor Widgets | 6.5 | Medium | 2024-12-09 |
| CVE-2024-54232 | WordPress RRAddons for Elementor plugin <= 1.1.0 - Stored Cross Site Scripting (XSS) vulnerability — RRAddons for Elementor | 6.5 | Medium | 2024-12-09 |
| CVE-2024-54260 | WordPress News Kit Elementor Addons plugin <= 1.4.2 - Cross Site Scripting (XSS) vulnerability — News Kit Elementor Addons | 6.5 | Medium | 2024-12-09 |
| CVE-2023-30748 | WordPress Easy Appointments plugin <= 3.10.7 - Auth. Stored Cross-Site Scripting (XSS) vulnerability — Easy Appointments | 4.3 | Medium | 2024-12-09 |
| CVE-2023-49158 | WordPress LadiApp plugin <= 4.4 - Broken Access Control lead to XSS vulnerability — LadiApp | 7.1 | High | 2024-12-09 |
| CVE-2024-12359 | code-projects Admin Dashboard vendor_management.php cross site scripting — Admin Dashboard | 3.5 | Low | 2024-12-09 |
| CVE-2024-53285 | Synology Router Manager security vulnerability — Synology Router Manager (SRM) | 5.9 | Medium | 2024-12-09 |
| CVE-2024-53284 | Synology Router Manager security vulnerability — Synology Router Manager (SRM) | 5.9 | Medium | 2024-12-09 |
| CVE-2024-53283 | Synology Router Manager security vulnerability — Synology Router Manager (SRM) | 5.9 | Medium | 2024-12-09 |
| CVE-2024-53282 | Synology Router Manager security vulnerability — Synology Router Manager (SRM) | 5.9 | Medium | 2024-12-09 |
| CVE-2024-53281 | Synology Router Manager security vulnerability — Synology Router Manager (SRM) | 5.9 | Medium | 2024-12-09 |
| CVE-2024-53279 | Synology Router Manager cross-site scripting vulnerability — Synology Router Manager (SRM) | 5.9 | Medium | 2024-12-09 |
| CVE-2024-53280 | Synology Router Manager cross-site scripting vulnerability — Synology Router Manager (SRM) | 5.9 | Medium | 2024-12-09 |
| CVE-2024-12348 | Guizhou Xiaoma Technology jpress Attachment Upload upload AttachmentUtils.isUnSafe cross site scripting — jpress | 3.5 | Low | 2024-12-09 |
| CVE-2024-12346 | Talentera byt_cv_manager cross site scripting — Talentera | 3.5 | Low | 2024-12-08 |
| CVE-2024-47107 | IBM QRadar SIEM cross-site scripting — QRadar SIEM | 6.4 | Medium | 2024-12-07 |
| CVE-2024-11457 | Feedpress Generator – External RSS Frontend Customizer <= 1.2.1 - Reflected Cross-Site Scripting — Feedpress Generator – External RSS Frontend Customizer | 6.1 | Medium | 2024-12-07 |
| CVE-2024-11380 | Mini Program API <= 1.4.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Mini Program API | 6.4 | Medium | 2024-12-07 |
| CVE-2024-11464 | Easy Code Snippets <= 1.0.2 - Reflected Cross-Site Scripting — Easy Code Snippets | 6.1 | Medium | 2024-12-07 |
| CVE-2024-12128 | Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal <= 3.1.2 - Reflected Cross-Site Scripting via monthly_sales_current_year Parameter — Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal | 6.1 | Medium | 2024-12-07 |
| CVE-2024-11367 | Smoove connector for Elementor forms <= 4.1.0 - Reflected Cross-Site Scripting — Smoove connector for Elementor forms | 6.1 | Medium | 2024-12-07 |
| CVE-2024-11374 | TWChat – Send or receive messages from users <= 4.0.4 - Reflected Cross-Site Scripting — TWChat – Send or receive messages from users | 6.1 | Medium | 2024-12-07 |
| CVE-2024-12165 | Mollie for Contact Form 7 <= 5.0.0 - Reflected Cross-Site Scripting — Mollie for Contact Form 7 | 6.1 | Medium | 2024-12-07 |
| CVE-2024-12167 | Shortcodes Blocks Creator Ultimate <= 2.2.0 - Reflected Cross-Site Scripting via _wpnonce — Shortcodes Blocks Creator Ultimate | 6.1 | Medium | 2024-12-07 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21572 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.