Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21551

21551 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2019-25144 WP HTML Mail < 2.2.11 - HTML injection — WP Email Template 5.4 Medium2023-06-07
CVE-2021-4363 WP Quick FrontEnd Editor <= 5.5 - Reflected Cross-Site Scripting — WP Quick FrontEnd Editor – WordPress Plugin 6.1 Medium2023-06-07
CVE-2019-25140 Coming Soon Page & Maintenance Mode <= 1.8.1 - Stored Cross Site Scripting — Coming Soon Page & Maintenance Mode 7.2 High2023-06-07
CVE-2021-4358 WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Stored Cross-Site Scripting — WP DSGVO Tools (GDPR) 7.2 High2023-06-07
CVE-2020-36711 Avada <= 6.2.2 - Authenticated (Contributor+) Cross-Site Scripting — Avada | Website Builder For WordPress & WooCommerce 6.4 Medium2023-06-07
CVE-2020-36709 Page Builder: KingComposer < 2.9.4 - Stored Cross-Site Scripting — Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme 5.5 Medium2023-06-07
CVE-2020-36704 Fruitful < 3.8.2 - Stored Cross-Site Scripting — Fruitful 6.4 Medium2023-06-07
CVE-2020-36703 Elementor Website Builder <= 2.9.7 - Authenticated Stored Cross-Site Scripting — Elementor Website Builder – more than just a page builder 6.4 Medium2023-06-07
CVE-2023-3142 Cross-site Scripting (XSS) - Stored in microweber/microweber — microweber/microweber 4.8 -2023-06-07
CVE-2023-33977 Stored cross site scripting (XSS) via unrestricted file upload in Kiwi TCMS — Kiwi 8.1 High2023-06-06
CVE-2022-46165 Cross-site Scripting (XSS) in Web GUI in syncthing — syncthing 4.6 Medium2023-06-06
CVE-2017-20185 Fuzzy SWMP GET Parameter swmp.php cross site scripting — SWMP 3.5 Low2023-06-06
CVE-2015-10117 Gravity Forms DPS PxPay Plugin cross site scripting — Gravity Forms DPS PxPay Plugin 3.5 Low2023-06-06
CVE-2023-34103 Stored XSS (Cross Site Scripting) in html content based fields of avo — avo 7.3 High2023-06-05
CVE-2023-33969 Stored Cross site scripting in the Task External Link Functionality in Kanboard — kanboard 6.4 Medium2023-06-05
CVE-2014-125105 Broken Link Checker Plugin Settings Page core.php options_page cross site scripting — Broken Link Checker Plugin 2.4 Low2023-06-05
CVE-2023-3109 Cross-site Scripting (XSS) - Stored in admidio/admidio — admidio/admidio 5.4 -2023-06-05
CVE-2013-10028 EELV Newsletter Plugin lettreinfo.php style_newsletter cross site scripting — EELV Newsletter Plugin 3.5 Low2023-06-04
CVE-2023-32582 WordPress Don8 Plugin <= 0.4 is vulnerable to Cross Site Scripting (XSS) — Don8 5.9 Medium2023-06-03
CVE-2023-3085 X-WRT luci 404 Error Template dispatcher.uc run_action cross site scripting — luci 3.5 Low2023-06-03
CVE-2023-2404 CRM and Lead Management by vcita <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting — CRM and Lead Management by vcita 6.4 Medium2023-06-03
CVE-2023-2298 Online Booking & Scheduling Calendar for WordPress by vcita <= 4.3.0 - Unauthenticated Stored Cross-Site Scripting — Online Booking & Scheduling Calendar for WordPress by vcita 7.2 High2023-06-03
CVE-2023-2302 Contact Form and Calls To Action by vcita <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Contact Form and Calls To Action by vcita 6.4 Medium2023-06-03
CVE-2023-2406 Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Event Registration Calendar By vcita 6.4 Medium2023-06-03
CVE-2023-2300 Contact Form Builder by vcita <= 4.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Contact Form Builder by vcita 6.4 Medium2023-06-03
CVE-2023-3083 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass — nilsteampassnet/teampass 5.4 -2023-06-03
CVE-2023-3084 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass — nilsteampassnet/teampass 5.4 -2023-06-03
CVE-2023-3086 Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass — nilsteampassnet/teampass 5.4 -2023-06-03
CVE-2023-3051 Page Builder by AZEXO <= 1.27.133 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Page Builder with Image Map by AZEXO 6.4 Medium2023-06-02
CVE-2023-3060 code-projects Agro-School Management System btn_functions.php doAddQuestion cross site scripting — Agro-School Management System 3.5 Low2023-06-02

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21551 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.