CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21572

21572 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2023-3672 | Cross-site Scripting (XSS) - DOM in plaidweb/webmention.js — plaidweb/webmention.js | 6.1 | - | 2023-07-14 |
| CVE-2023-2082 | Buy Me a Coffee – Button and Widget Plugin <= 3.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting — Buy Me a Coffee – Button and Widget Plugin | 6.4 | Medium | 2023-07-14 |
| CVE-2023-37272 | XSS vulnerability in JOC Cockpit branch 1.13 — joc-cockpit | 6.3 | Medium | 2023-07-13 |
| CVE-2023-36473 | CSP nonce reuse vulnerability in Discourse — discourse | 6.8 | Medium | 2023-07-13 |
| CVE-2023-30564 | Stored Cross-Site Scripting on Device Import Functionality — BD Alaris™ Systems Manager | 6.9 | Medium | 2023-07-13 |
| CVE-2023-30563 | Stored Cross-Site Scripting on User Import Functionality — BD Alaris™ Systems Manager | 8.2 | High | 2023-07-13 |
| CVE-2023-3660 | Campcodes Retro Cellphone Online Store add_user_modal.php cross site scripting — Retro Cellphone Online Store | 2.4 | Low | 2023-07-13 |
| CVE-2023-3659 | SourceCodester AC Repair and Services System cross site scripting — AC Repair and Services System | 3.5 | Low | 2023-07-13 |
| CVE-2023-3319 | XSS in iDisplays PlatPlay DS — PlatPlay DS | 5.4 | Medium | 2023-07-13 |
| CVE-2023-3642 | GZ Scripts Vacation Rental Website HTTP POST Request cross site scripting — Vacation Rental Website | 4.3 | Medium | 2023-07-12 |
| CVE-2023-3641 | khodakhah NodCMS POST Request blog-comment-4 cross site scripting — NodCMS | 4.3 | Medium | 2023-07-12 |
| CVE-2023-38066 | JetBrains TeamCity cross-site scripting vulnerability — TeamCity | 4.6 | Medium | 2023-07-12 |
| CVE-2023-38065 | JetBrains TeamCity cross-site scripting vulnerability — TeamCity | 4.6 | Medium | 2023-07-12 |
| CVE-2023-38063 | JetBrains TeamCity cross-site scripting vulnerability — TeamCity | 4.6 | Medium | 2023-07-12 |
| CVE-2023-38061 | JetBrains TeamCity cross-site scripting vulnerability — TeamCity | 4.6 | Medium | 2023-07-12 |
| CVE-2023-3087 | FluentSMTP <= 2.2.4 - Unauthenticated Stored Cross-Site Scripting via Email Subject — FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider | 7.2 | High | 2023-07-12 |
| CVE-2023-3081 | WP Mail Logging <= 1.11.1 - Unauthenticated Stored Cross-Site Scripting via Email — WP Mail Logging | 7.2 | High | 2023-07-12 |
| CVE-2023-3167 | Mail Queue <= 1.1 - Unauthenticated Stored Cross-Site Scripting via Email Subject — Mail Queue | 7.2 | High | 2023-07-12 |
| CVE-2023-3166 | Lana Email Logger <= 1.0.2 - Unauthenticated Stored Cross-Site Scripting via Email Subject — Lana Email Logger | 7.2 | High | 2023-07-12 |
| CVE-2023-3369 | About Me 3000 widget <= 2.2.6 - Authenticated (Administrator+) Stored Cross-Site Scripting — About Me 3000 widget | 4.4 | Medium | 2023-07-12 |
| CVE-2023-3092 | SMTP Mail <= 1.3.46 - Unauthenticated Stored Cross-Site Scripting via Email Subject — SMTP Mail | 7.2 | High | 2023-07-12 |
| CVE-2023-3088 | WP Mail Log <= 1.1.1 - Unauthenticated Stored Cross-Site Scripting via Email — WP Mail Log | 7.2 | High | 2023-07-12 |
| CVE-2023-3158 | Mail Control <= 0.2.8 - Unauthenticated Stored Cross-Site Scripting via Email Subject — Mail Control – Email Customizer, SMTP Deliverability, logging, open and click Tracking | 7.2 | High | 2023-07-12 |
| CVE-2023-3082 | Post SMTP <= 2.5.7 - Unauthenticated Stored Cross-Site Scripting via Email — Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | 7.2 | High | 2023-07-12 |
| CVE-2023-3168 | WP Reroute Email <= 1.4.9 - Unauthenticated Stored Cross-Site Scripting via Email Subject — WP Reroute Email | 7.2 | High | 2023-07-12 |
| CVE-2023-3093 | YaySMTP <= 2.4.5 - Unauthenticated Stored Cross-Site Scripting via Email — YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service | 7.2 | High | 2023-07-12 |
| CVE-2023-3135 | Mailtree Log Mail <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting via Email Subject — Mailtree Log Mail | 7.2 | High | 2023-07-12 |
| CVE-2023-3080 | WP Mail Catcher <= 2.1.2 - Unauthenticated Stored Cross-Site Scripting via Email Subject — Mail logging – WP Mail Catcher | 7.2 | High | 2023-07-12 |
| CVE-2023-3122 | GD Mail Queue <= 3.9.3 - Unauthenticated Stored Cross-Site Scripting via Email — GD Mail Queue | 7.2 | High | 2023-07-12 |
| CVE-2023-23756 | Extension - advcomsys.com - XSS in oneVote component for Joomla <= 1.7.0 — oneVote component for Joomla | 6.1 | - | 2023-07-11 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21572 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.