
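CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21572

21572 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.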

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-12182 | DedeCMS soft_add.php cross site scripting — DedeCMS | 3.5 | Low | 2024-12-04 |
| CVE-2024-12181 | DedeCMS SWF File uploads_add.php cross site scripting — DedeCMS | 3.5 | Low | 2024-12-04 |
| CVE-2024-12180 | DedeCMS article_add.php cross site scripting — DedeCMS | 3.5 | Low | 2024-12-04 |
| CVE-2024-40745 | Extension - tassos.gr - Reflected Cross site scripting vulnerability in Convert Forms component for Joomla < 4.4.8 — Convert Forms component for Joomla | 6.1 | - | 2024-12-04 |
| CVE-2024-11935 | Email Address Obfuscation <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via class Parameter — Email Address Obfuscation | 6.4 | Medium | 2024-12-04 |
| CVE-2024-8962 | WPBITS Addons For Elementor Page Builder <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — WPBITS Addons For Elementor Page Builder | 6.4 | Medium | 2024-12-04 |
| CVE-2024-11854 | Listdom – Business Directory and Classified Ads Listings WordPress Plugin <= 3.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode Parameter — Listdom: AI-powered Business Directory with Classifieds Ads Listings | 6.4 | Medium | 2024-12-04 |
| CVE-2024-11814 | Additional Custom Order Status for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting — Additional Custom Order Status for WooCommerce | 6.1 | Medium | 2024-12-04 |
| CVE-2024-5020 | Multiple Plugins <= (Various Versions) - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library — Colibri Page Builder | 6.4 | Medium | 2024-12-04 |
| CVE-2024-11880 | B Testimonial – testimonial plugin for WP <= 1.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — B Testimonial – Customer Testimonials in Custom Layouts | 6.4 | Medium | 2024-12-04 |
| CVE-2024-11903 | WP eCards <= 1.3.904 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP eCards – Branded Digital Greeting Cards | 6.4 | Medium | 2024-12-04 |
| CVE-2023-6978 | WP Job Manager – Company Profiles <= 1.7 - Reflected Cross-Site Scripting — WP Job Manager – Company Profiles | 6.1 | Medium | 2024-12-04 |
| CVE-2024-11769 | Flower Delivery by Florist One <= 3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Flower Delivery by Florist One | 6.4 | Medium | 2024-12-04 |
| CVE-2024-11466 | Intro Tour Tutorial DeepPresentation <= 6.5.2 - Reflected Cross-Site Scripting — Intro Tour Tutorial DeepPresentation | 6.1 | Medium | 2024-12-04 |
| CVE-2024-45717 | SolarWinds Platform Cross- Site Scripting Vulnerability — SolarWinds Platform | 7.0 | High | 2024-12-04 |
| CVE-2024-10885 | SearchIQ – The Search Solution <= 4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — SearchIQ – The Search Solution | 6.4 | Medium | 2024-12-04 |
| CVE-2024-11807 | NPS computy <= 2.8.0 - Reflected Cross-Site Scripting — NPS computy | 6.1 | Medium | 2024-12-04 |
| CVE-2024-11747 | Responsive Videos <= 2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Responsive Videos | 6.4 | Medium | 2024-12-04 |
| CVE-2024-11897 | Contact Form, Survey & Form Builder – MightyForms <= 1.3.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Contact Form, Survey & Form Builder – MightyForms | 6.4 | Medium | 2024-12-04 |
| CVE-2024-11093 | SG Helper <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload — SG Helper | 5.5 | Medium | 2024-12-04 |
| CVE-2024-10832 | Posti Shipping <= 3.10.3 - Reflected Cross-Site Scripting — Posti Shipping | 6.1 | Medium | 2024-12-04 |
| CVE-2024-11479 | Authenticated HTML Injection in Issuetrak Ticket Comment Function — Issuetrak | 4.6 | - | 2024-12-04 |
| CVE-2024-53257 | Vitess allows HTML injection in /debug/querylogz & /debug/env — vitess | 4.9 | Medium | 2024-12-03 |
| CVE-2024-53999 | Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality — Mobile-Security-Framework-MobSF | 8.1 | High | 2024-12-03 |
| CVE-2024-11200 | Goodlayers Core <= 2.0.7 - Reflected Cross-Site Scripting via 'font-family' — Goodlayers Core | 6.1 | Medium | 2024-12-03 |
| CVE-2024-11326 | Campaign Monitor Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting — Campaign Monitor Forms by Optin Cat | 6.1 | Medium | 2024-12-03 |
| CVE-2024-11782 | WP Mailster <= 1.8.17.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — WP Mailster | 6.4 | Medium | 2024-12-03 |
| CVE-2024-11325 | AWeber Forms by Optin Cat <= 2.5.7 - Reflected Cross-Site Scripting — AWeber Forms by Optin Cat | 5.2 | Medium | 2024-12-03 |
| CVE-2024-11866 | BMLT Tabbed Map <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting — BMLT Tabbed Map | 6.4 | Medium | 2024-12-03 |
| CVE-2024-11805 | Quick License Manager – WooCommerce Plugin <= 2.4.17 - Reflected Cross-Site Scripting — Quick License Manager – WooCommerce Plugin | 6.1 | Medium | 2024-12-03 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21572 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.