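CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21573

21573 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.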

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-49502 | Reflected XSS in Setup Wizard, HTTP Proxy credentials pane in spacewalk-web — Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1 | 3.5 | Low | 2024-11-28 |
| CVE-2024-49503 | Reflected XSS in Setup Wizard, Organization Credentials in spacewalk-web — Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1 | 3.5 | Low | 2024-11-28 |
| CVE-2024-52283 | SUSE hackweek cross-site scripting vulnerability — hackweek | 5.7 | Medium | 2024-11-28 |
| CVE-2024-11684 | Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 - Reflected Cross-Site Scripting — Kudos Donations: Easy Donations with Mollie \| One-off & Recurring \| PDF Invoices \| Buttons & Forms | 6.1 | Medium | 2024-11-28 |
| CVE-2024-11786 | Login with Vipps and MobilePay <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Login with Vipps and MobilePay | 6.4 | Medium | 2024-11-28 |
| CVE-2024-11458 | FAQ Builder AYS <= 1.7.1 - Reflected Cross-Site Scripting — FAQ Builder AYS | 6.1 | Medium | 2024-11-28 |
| CVE-2024-11685 | Kudos Donations – Easy donations and payments with Mollie <= 3.2.9 - Reflected Cross-Site Scripting via 'add_query_arg' — Kudos Donations: Easy Donations with Mollie \| One-off & Recurring \| PDF Invoices \| Buttons & Forms | 6.1 | Medium | 2024-11-28 |
| CVE-2024-11366 | SEO Landing Page Generator <= 1.66.2 - Reflected Cross-Site Scripting — SEO Landing Page Generator | 6.1 | Medium | 2024-11-28 |
| CVE-2024-11333 | HLS Player <= 1.0.10 - Authenticated (Contributor+) Stored Cross-Site Scripting — HLS Player | 6.4 | Medium | 2024-11-28 |
| CVE-2024-11431 | Ragic Shortcode <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ragic Shortcode | 6.4 | Medium | 2024-11-28 |
| CVE-2024-11203 | EmbedPress – Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor <= 4.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'provider_name' — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | 6.4 | Medium | 2024-11-28 |
| CVE-2024-11788 | StreamWeasels YouTube Integration <= 1.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — StreamWeasels YouTube Integration | 6.4 | Medium | 2024-11-28 |
| CVE-2024-11761 | LegalWeb Cloud <= 1.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — LegalWeb Cloud | 6.4 | Medium | 2024-11-28 |
| CVE-2024-10175 | Pricing Tables For WPBakery Page Builder (formerly Visual Composer) <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via wdo_pricing_tables Shortcode — Pricing Tables For WPBakery Page Builder (formerly Visual Composer) | 6.4 | Medium | 2024-11-27 |
| CVE-2024-10895 | Counter Up – Animated Number Counter & Milestone Showcase <= 2.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Counter Up – Animated Number Counter & Milestone Showcase | 6.4 | Medium | 2024-11-27 |
| CVE-2024-11820 | code-projects Crud Operation System add.php cross site scripting — Crud Operation System | 3.5 | Low | 2024-11-27 |
| CVE-2024-11742 | SourceCodester Best House Rental Management System ajax.php cross site scripting — Best House Rental Management System | 3.5 | Low | 2024-11-26 |
| CVE-2024-49053 | Microsoft Dynamics 365 Sales Spoofing Vulnerability — Dynamics 365 Sales for Android | 7.6 | High | 2024-11-26 |
| CVE-2024-49038 | Microsoft Copilot Studio Elevation Of Privilege Vulnerability — Microsoft Copilot Studio | 9.3 | Critical | 2024-11-26 |
| CVE-2024-10878 | Sugar Calendar (Lite) <= 3.3.0 - Reflected Cross-Site Scripting — Sugar Calendar – Events Calendar, Event Tickets, and Events Management Platform | 6.1 | Medium | 2024-11-26 |
| CVE-2024-8236 | Elementor Website Builder – More than Just a Page Builder <= 3.25.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Elementor Website Builder – more than just a page builder | 6.4 | Medium | 2024-11-26 |
| CVE-2023-2142 | Nunjucks autoescape bypass leads to cross site scripting — Nunjucks | 6.1 | - | 2024-11-26 |
| CVE-2024-10308 | Jeg Elementor Kit <= 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Countdown Widget — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | 6.4 | Medium | 2024-11-26 |
| CVE-2024-11032 | Parsi Date <= 5.1.1 - Reflected Cross-Site Scripting via add_query_arg Parameter — پارسی دیت – Parsi Date | 6.1 | Medium | 2024-11-26 |
| CVE-2024-11091 | Support SVG – Upload svg files in wordpress without hassle <= 1.1.0 - Authenticated (Author+) Stored Cross-site Scripting via SVG File Upload — Support SVG – Upload svg files in wordpress without hassle | 6.4 | Medium | 2024-11-26 |
| CVE-2024-11119 | BNE Gallery Extended <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via gallery Shortcode — BNE Gallery Extended | 6.4 | Medium | 2024-11-26 |
| CVE-2024-11192 | Spotify Play Button for WordPress <= 2.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via spotifyplaybutton Shortcode — Sp*tify Play Button for WordPress | 6.4 | Medium | 2024-11-26 |
| CVE-2024-9170 | Booster for WooCommerce <= 7.2.3 - Authenticated (ShopManager+) Stored Cross-Site Scripting via wcj_product_meta Shortcode — Booster for WooCommerce – PDF Invoices, Abandoned Cart, Variation Swatches & 100+ Tools | 5.5 | Medium | 2024-11-26 |
| CVE-2024-36249 | Sharp MFP and Toshiba MFP cross-site scripting vulnerability — Multiple MFPs (multifunction printers) | 7.4 | High | 2024-11-26 |
| CVE-2024-11202 | Multiple Plugins <= (Various Versions) - Reflected Cross-Site Scripting via cminds_free_guide Shortcode — CM Header and Footer – Add custom scripts and styles to your header and footer with ease | 6.1 | Medium | 2024-11-26 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21573 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.