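CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21572

21572 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.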

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-11853 | jAlbum Bridge <= 2.0.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via ar Parameter — jAlbum Bridge | 6.4 | Medium | 2024-12-03 |
| CVE-2024-11461 | Form Data Collector <= 2.2.3 - Reflected Cross-Site Scripting — Form Data Collector | 6.1 | Medium | 2024-12-03 |
| CVE-2024-11898 | Scratch & Win – Giveaways and Contests <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more | 6.4 | Medium | 2024-12-03 |
| CVE-2024-11707 | My auctions allegro <= 3.6.17 - Reflected Cross-Site Scripting — My auctions allegro | 6.1 | Medium | 2024-12-03 |
| CVE-2024-11453 | WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout <= 1.8.8 - Authenticated (Contributor+) Stored Cross-Site Scripting — GS Pinterest Portfolio – Pins Grid, Masonry, User Profile, Popup & Board Widgets | 6.4 | Medium | 2024-12-03 |
| CVE-2024-9058 | Element Pack Elementor Addons <= 5.10.5 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting via Lightbox Widget — Element Pack – Widgets, Templates & Addons for Elementor | 6.4 | Medium | 2024-12-03 |
| CVE-2024-10484 | Spectra – WordPress Gutenberg Blocks <= 2.16.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Widget — Spectra Gutenberg Blocks – Website Builder for the Block Editor | 6.4 | Medium | 2024-12-03 |
| CVE-2024-9694 | CMSMasters Elementor Addon <= 1.14.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — CMSMasters Elementor Addon | 6.4 | Medium | 2024-12-03 |
| CVE-2024-53985 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 — rails-html-sanitizer | 6.1 | - | 2024-12-02 |
| CVE-2024-53987 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 — rails-html-sanitizer | 6.1 | - | 2024-12-02 |
| CVE-2024-53986 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 — rails-html-sanitizer | 6.1 | - | 2024-12-02 |
| CVE-2024-53988 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 — rails-html-sanitizer | 6.1 | - | 2024-12-02 |
| CVE-2024-53989 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer 1.6.0 — rails-html-sanitizer | 6.1 | - | 2024-12-02 |
| CVE-2024-5890 | HTML Injection in the Assessment plugin — Now Platform | 4.3 | Medium | 2024-12-02 |
| CVE-2024-51900 | WordPress What Would Seth Godin Do plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability — What Would Seth Godin Do | 5.9 | Medium | 2024-12-02 |
| CVE-2024-52452 | WordPress Open edX LMS plugin <= 2.6.1 - Reflected Cross Site Scripting (XSS) vulnerability — Open edX LMS | 7.1 | High | 2024-12-02 |
| CVE-2024-52454 | WordPress GoQMieruca plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability — GoQMieruca | 7.1 | High | 2024-12-02 |
| CVE-2024-52453 | WordPress Library Bookshelves plugin <= 5.8 - Reflected Cross Site Scripting (XSS) vulnerability — Library Bookshelves | 7.1 | High | 2024-12-02 |
| CVE-2024-52456 | WordPress Awesome Studio plugin <= 2.4.4 - Reflected Cross Site Scripting (XSS) vulnerability — Awesome Studio | 7.1 | High | 2024-12-02 |
| CVE-2024-52455 | WordPress GoQSmile plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — GoQSmile | 7.1 | High | 2024-12-02 |
| CVE-2024-52458 | WordPress TM Islamic Helper plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — TM Islamic Helper | 7.1 | High | 2024-12-02 |
| CVE-2024-52457 | WordPress Youneeq Recommendations plugin <= 3.0.7 - Reflected Cross Site Scripting (XSS) vulnerability — Youneeq Recommendations | 7.1 | High | 2024-12-02 |
| CVE-2024-52459 | WordPress Chameleoni Jobs plugin <= 2.5.4 - Reflected Cross Site Scripting (XSS) vulnerability — Chameleoni Jobs | 7.1 | High | 2024-12-02 |
| CVE-2024-52461 | WordPress Infinite Slider plugin <= 2.0.1 - Reflected Cross Site Scripting (XSS) vulnerability — Infinite Slider | 7.1 | High | 2024-12-02 |
| CVE-2024-52460 | WordPress AtaraPay WooCommerce Payment Gateway plugin <= 2.0.13 - Reflected Cross Site Scripting (XSS) vulnerability — AtaraPay WooCommerce Payment Gateway | 7.1 | High | 2024-12-02 |
| CVE-2024-52463 | WordPress Post By Email plugin <= 1.0.4b - Reflected Cross Site Scripting (XSS) vulnerability — Post By Email | 7.1 | High | 2024-12-02 |
| CVE-2024-52462 | WordPress WP e-Commerce Style Email plugin <= 0.6.2 - Reflected Cross Site Scripting (XSS) vulnerability — WP e-Commerce Style Email | 7.1 | High | 2024-12-02 |
| CVE-2024-52464 | WordPress amr shortcodes plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability — amr shortcodes | 7.1 | High | 2024-12-02 |
| CVE-2024-52465 | WordPress LGPD Framework plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability — LGPD Framework | 7.1 | High | 2024-12-02 |
| CVE-2024-52467 | WordPress AI Responsive Gallery Album plugin <= 1.4 - Reflected Cross Site Scripting (XSS) vulnerability — AI Responsive Gallery Album | 7.1 | High | 2024-12-02 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21572 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.