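CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.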

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-4560 | Joget wflow-core UniversalTheme.java getInternalJsCssLib cross site scripting — Joget | 3.5 | Low | 2022-12-16 |
| CVE-2022-4519 | WP User <= 7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting — WP User – Custom Registration Forms, Login and User Profile | 5.5 | Medium | 2022-12-15 |
| CVE-2022-4502 | Cross-site Scripting (XSS) - Reflected in openemr/openemr — openemr/openemr | 6.1 | - | 2022-12-15 |
| CVE-2022-4503 | Cross-site Scripting (XSS) - Generic in openemr/openemr — openemr/openemr | 5.4 | - | 2022-12-15 |
| CVE-2022-4521 | WSO2 carbon-registry Request Parameter cross site scripting — carbon-registry | 3.5 | Low | 2022-12-15 |
| CVE-2022-4524 | Roots soil Plugin CleanUpModule.php language_attributes cross site scripting — soil Plugin | 3.5 | Low | 2022-12-15 |
| CVE-2022-4525 | National Sleep Research Resource sleepdata.org cross site scripting — sleepdata.org | 3.5 | Low | 2022-12-15 |
| CVE-2022-4527 | collective.task table.py AssignedGroupColumn cross site scripting — collective.task | 3.5 | Low | 2022-12-15 |
| CVE-2022-4410 | Permalink Manager Lite <= 2.2.20.3 - Authenticated Stored Cross-Site Scripting — Permalink Manager Lite | 6.4 | Medium | 2022-12-14 |
| CVE-2022-23520 | rails-html-sanitizer contains an incomplete fix for an XSS vulnerability — rails-html-sanitizer | 6.1 | Medium | 2022-12-14 |
| CVE-2022-23519 | Possible XSS vulnerability with certain configurations of rails-html-sanitizer — rails-html-sanitizer | 7.2 | High | 2022-12-14 |
| CVE-2022-23518 | Improper neutralization of data URIs allows XSS in rails-html-sanitizer — rails-html-sanitizer | 6.1 | - | 2022-12-14 |
| CVE-2022-23515 | Improper neutralization of data URIs may allow XSS in Loofah — loofah | 6.1 | Medium | 2022-12-14 |
| CVE-2022-3073 | Quaonos Schema ST4 example templates prone to XSS — Schema ST4 example web templates | 6.1 | Medium | 2022-12-14 |
| CVE-2022-4495 | collective.dms.basecontent column.py renderCell cross site scripting — collective.dms.basecontent | 3.5 | Low | 2022-12-14 |
| CVE-2022-23499 | Cross-Site Scripting Protection bypass in HTML Sanitizer — html-sanitizer | 6.1 | Medium | 2022-12-13 |
| CVE-2022-41266 | SAP Commerce cross-site scripting vulnerability — Commerce Webservices 2.0 (Swagger UI) | 8.0 | High | 2022-12-13 |
| CVE-2022-4455 | sproctor php-calendar index.php cross site scripting — php-calendar | 3.5 | Low | 2022-12-13 |
| CVE-2022-44575 | Siemens PLM Help Server cross-site scripting vulnerability — PLM Help Server V4.2 | 6.1 | - | 2022-12-13 |
| CVE-2022-41262 | SAP NetWeaver AS cross-site scripting vulnerability — NetWeaver AS for Java (Http Provider Service) | 6.1 | Medium | 2022-12-12 |
| CVE-2022-4407 | Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq — thorsten/phpmyfaq | 6.1 | - | 2022-12-11 |
| CVE-2022-4408 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq — thorsten/phpmyfaq | 5.4 | - | 2022-12-11 |
| CVE-2022-4413 | Cross-site Scripting (XSS) - Reflected in nuxt/framework — nuxt/framework | 6.1 | - | 2022-12-11 |
| CVE-2022-4414 | Cross-site Scripting (XSS) - DOM in nuxt/framework — nuxt/framework | 6.1 | - | 2022-12-11 |
| CVE-2022-41299 | IBM Cloud Transformation Advisor cross-site scripting — Cloud Transformation Advisor | 4.4 | Medium | 2022-12-09 |
| CVE-2022-4336 | BAOTA cross-site scripting vulnerability — Baota | 5.4 | - | 2022-12-09 |
| CVE-2022-41947 | Cross-site Scripting with user-uploaded files in dhis2-core — dhis2-core | 5.4 | Medium | 2022-12-08 |
| CVE-2022-23494 | Cross-site scripting vulnerability in TinyMCE alerts — tinymce | 5.4 | Medium | 2022-12-08 |
| CVE-2022-38754 | CVE-2022-38754 - Micro Focus Operations Bridge Manager and OpsBridge Containerized - Cross Site Scripting (XSS) — Micro Focus Operations Bridge Manager | 8.0 | High | 2022-12-08 |
| CVE-2022-41735 | IBM Business Process Manager cross-site scripting — Business Process Manager | 5.4 | Medium | 2022-12-07 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) account for 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.