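CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21572

21572 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.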

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-54213 | WordPress WordPress Page Builder – Zion Builder plugin <= 3.6.16 - Cross Site Scripting (XSS) vulnerability — ZionBuilder | 6.5 | Medium | 2024-12-06 |
| CVE-2024-11339 | Smart PopUp Blaster <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Smart PopUp Blaster | 6.4 | Medium | 2024-12-06 |
| CVE-2024-11204 | ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting via url Parameter — ForumWP – Forum & Discussion Board | 6.1 | Medium | 2024-12-06 |
| CVE-2024-11823 | Folder Gallery <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Folder Gallery | 6.1 | Medium | 2024-12-06 |
| CVE-2024-11687 | Next-Cart Store to WooCommerce Migration <= 3.9.2 - Reflected Cross-Site Scripting — Next-Cart Store to WooCommerce Migration | 6.1 | Medium | 2024-12-06 |
| CVE-2024-11352 | TwentyTwenty <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — TwentyTwenty | 6.4 | Medium | 2024-12-06 |
| CVE-2024-9872 | Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Online Booking & Scheduling Calendar for WordPress by vcita | 5.4 | Medium | 2024-12-06 |
| CVE-2024-11276 | PDF Builder for WooCommerce. Create invoices,packing slips and more <= 1.2.136 - Reflected Cross-Site Scripting — PDF Builder for WooCommerce. Create invoices,packing slips and more | 6.1 | Medium | 2024-12-06 |
| CVE-2024-11450 | ONLYOFFICE Docs <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — ONLYOFFICE Docs | 6.4 | Medium | 2024-12-06 |
| CVE-2024-10320 | Cookielay <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via cookielay Shortcode — Cookielay | 6.4 | Medium | 2024-12-06 |
| CVE-2024-11368 | Splash Sync <= 2.0.7 - Reflected Cross-Site Scripting — Splash Sync | 6.1 | Medium | 2024-12-06 |
| CVE-2024-9866 | Event Tickets with Ticket Scanner <= 2.4.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting — Event Tickets with Ticket Scanner | 5.4 | Medium | 2024-12-06 |
| CVE-2024-10849 | NewsMash <= 1.0.71 - Authenticated (Contributor+) Stored Cross-Site Scripting — NewsMash | 6.4 | Medium | 2024-12-06 |
| CVE-2024-12060 | WP Media Optimizer (.webp) <= 1.4.0 - Reflected Cross-Site Scripting via wpmowebp-css-resources and wpmowebp-js-resources Parameters — WP Media Optimizer (.webp) | 6.1 | Medium | 2024-12-06 |
| CVE-2024-10879 | ForumWP – Forum & Discussion Board <= 2.1.2 - Reflected Cross-Site Scripting — ForumWP – Forum & Discussion Board | 6.1 | Medium | 2024-12-06 |
| CVE-2024-11201 | myCred – Loyalty Points and Rewards plugin <= 2.7.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via mycred_send Shortcode — Points Management System For Gamification, Ranks, Badges, and Loyalty Rewards Program – myCred | 6.4 | Medium | 2024-12-06 |
| CVE-2024-11379 | Broadcast <= 51.01 - Reflected Cross-Site Scripting — Broadcast | 6.1 | Medium | 2024-12-06 |
| CVE-2024-9769 | Video Gallery <= 2.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting — Video Gallery – YouTube Gallery, Vimeo, Video Portfolio, Image Portfolio and Image Gallery | 4.4 | Medium | 2024-12-06 |
| CVE-2024-10836 | Flixita <= 1.0.82 - Reflected Cross-Site Scripting via id Parameter — Flixita | 6.1 | Medium | 2024-12-06 |
| CVE-2024-12232 | code-projects Simple CRUD Functionality index.php cross site scripting — Simple CRUD Functionality | 3.5 | Low | 2024-12-05 |
| CVE-2024-10716 | Pegasystem PEGA Platform security vulnerability — Pega Infinity | 5.9 | Medium | 2024-12-05 |
| CVE-2024-6516 | Cross Site Scripting XSS — ASPECT-Enterprise | 9.0 | Critical | 2024-12-05 |
| CVE-2024-11324 | Accounting for WooCommerce <= 1.6.6 - Reflected Cross-Site Scripting — Accounting for WooCommerce | 6.1 | Medium | 2024-12-05 |
| CVE-2024-11779 | WIP WooCarousel Lite <= 1.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — WIP WooCarousel Lite | 6.4 | Medium | 2024-12-05 |
| CVE-2024-10056 | Contact Form Builder <= 4.10.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via livesite-pay Shortcode — Contact Form Builder by vcita | 6.4 | Medium | 2024-12-05 |
| CVE-2024-10848 | NewsMunch <= 1.0.35 - Authenticated (Contributor+) Stored Cross-Site Scripting — NewsMunch | 6.4 | Medium | 2024-12-05 |
| CVE-2024-11420 | Blocksy <= 2.0.77 - Authenticated (Contributor+) Stored Cross-Site Scripting — Blocksy | 6.4 | Medium | 2024-12-05 |
| CVE-2024-10178 | Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown Widget — Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor | 6.4 | Medium | 2024-12-05 |
| CVE-2024-10881 | LUNA RADIO PLAYER <= 6.24.11.07 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — LUNA RADIO PLAYER | 6.4 | Medium | 2024-12-05 |
| CVE-2024-12183 | DedeCMS HTTP POST Request carbuyaction.php RemoveXSS cross site scripting — DedeCMS | 3.5 | Low | 2024-12-04 |

21572 CVEs are classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.