CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21573

21573 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-11438 | StreamWeasels Online Status Bar <= 2.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — StreamWeasels Online Status Bar | 6.4 | Medium | 2024-11-21 |
| CVE-2024-10623 | ForumEngine <= 1.8 - Reflected Cross-Site Scripting — ForumEngine | 6.1 | Medium | 2024-11-21 |
| CVE-2024-9371 | Branda – White Label & Branding, Custom Login Page Customizer <= 3.4.19 - Reflected Cross-Site Scripting — Branda – White Label & Branding, Free Login Page Customizer | 6.1 | Medium | 2024-11-21 |
| CVE-2024-10785 | Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | 6.4 | Medium | 2024-11-21 |
| CVE-2024-11440 | Grey Owl Lightbox <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Grey Owl Lightbox | 6.4 | Medium | 2024-11-21 |
| CVE-2024-10177 | Beds24 Online Booking <= 2.0.27 - Authenticated (Contributor+) Stored Cross-Site Scripting via beds24-link Shortcode — Beds24 Online Booking | 6.4 | Medium | 2024-11-21 |
| CVE-2024-11365 | Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes <= 1.1.6 - Reflected Cross-Site Scripting — Crypto and DeFi Widgets – Web3 Cryptocurrency Shortcodes | 6.1 | Medium | 2024-11-21 |
| CVE-2024-10172 | WPBakery Visual Composer WHMCS Elements <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via void_wbwhmcse_laouts_search Shortcode — Innovs WPBakery Visual Composer WHMCS Elements | 6.4 | Medium | 2024-11-21 |
| CVE-2024-11385 | Pure CSS Circle Progress bar <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — Pure CSS Circle Progress bar | 6.4 | Medium | 2024-11-21 |
| CVE-2024-9442 | F4 Improvements <= 1.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — F4 Improvements | 6.4 | Medium | 2024-11-21 |
| CVE-2024-11388 | Dino Game – Embed Google Chrome Dinosaur Game in WordPress <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Dino Game – Embed Google Chrome Dinosaur Game in your website | 6.4 | Medium | 2024-11-21 |
| CVE-2024-11424 | Slick Sitemap <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Slick Sitemap | 6.4 | Medium | 2024-11-21 |
| CVE-2024-11360 | Page Parts <= 1.4.3 - Reflected Cross-Site Scripting — Page Parts | 6.1 | Medium | 2024-11-21 |
| CVE-2024-10522 | Co-marquage service-public.fr <= 0.5.76 - Reflected Cross-Site Scripting via add_query_arg Parameter — Co-marquage service-public.fr | 6.1 | Medium | 2024-11-21 |
| CVE-2024-11412 | Shine PDF Embeder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Shine PDF Embeder | 6.4 | Medium | 2024-11-21 |
| CVE-2024-11435 | salavat counter Plugin <= 0.9.4 - Reflected Cross-Site Scripting — salavat counter Plugin | 6.1 | Medium | 2024-11-21 |
| CVE-2024-11432 | SuevaFree Essential Kit <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — SuevaFree Essential Kit | 6.4 | Medium | 2024-11-21 |
| CVE-2024-11428 | Lazy load videos and sticky control <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Lazy load videos and sticky control | 6.4 | Medium | 2024-11-21 |
| CVE-2024-11370 | Subaccounts for WooCommerce <= 1.6.0 - Reflected Cross-Site Scripting — Subaccounts for WooCommerce | 6.1 | Medium | 2024-11-21 |
| CVE-2024-9111 | Product Designer <= 1.0.36 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — PickPlugins Product Designer for WooCommerce | 6.4 | Medium | 2024-11-21 |
| CVE-2024-11455 | Include Mastodon Feed <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Include Mastodon Feed | 6.4 | Medium | 2024-11-21 |
| CVE-2024-11414 | RecipePress Reloaded <= 2.12.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — RecipePress Reloaded | 6.4 | Medium | 2024-11-21 |
| CVE-2024-10164 | Premium Packages - Sell Digital Products Securely <= 5.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdmpp_pay_link Shortcode — Premium Packages – Sell Digital Products Securely | 6.4 | Medium | 2024-11-21 |
| CVE-2024-9851 | LSX Tour Operator <= 1.4.9 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — Tour Operator | 6.4 | Medium | 2024-11-21 |
| CVE-2024-10682 | Bulletin Announcements <= 3.11.7 - Reflected Cross-Site Scripting — Announcement & Notification Banner – Bulletin | 6.1 | Medium | 2024-11-21 |
| CVE-2024-11447 | Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App <=7.0.3.0 - Reflected Cross-Site Scripting — Community by PeepSo – Download from PeepSo.com | 6.1 | Medium | 2024-11-21 |
| CVE-2024-11493 | 115cms pageAE.html cross site scripting — 115cms | 3.5 | Low | 2024-11-20 |
| CVE-2024-11492 | 115cms appurladd.html cross site scripting — 115cms | 3.5 | Low | 2024-11-20 |
| CVE-2024-11491 | 115cms useradmin.html cross site scripting — 115cms | 3.5 | Low | 2024-11-20 |
| CVE-2024-11490 | 115cms set.html cross site scripting — 115cms | 3.5 | Low | 2024-11-20 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21573 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.