CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2022-39277	Cross-Site Scripting (XSS) in external links in GLPI — glpi	4.5	Medium	2022-11-03
CVE-2022-39372	Stored Cross-Site Scripting (XSS) in user information in GLPI — glpi	3.5	Low	2022-11-03
CVE-2022-39373	Stored Cross-Site Scripting (XSS) in entity name in GLPI — glpi	4.9	Medium	2022-11-03
CVE-2022-39375	Cross-Site Scripting (XSS) through public RSS feed in GLPI — glpi	4.5	Medium	2022-11-03
CVE-2022-44586	WordPress AM-HiLi plugin <= 1.0 - Auth. Stored Cross-Site Scripting (XSS) vulnerability — AM-HiLi (WordPress plugin)	4.8	Medium	2022-11-02
CVE-2022-44576	WordPress AgentEasy Properties plugin <= 1.0.4 - Auth. Stored Cross-Site Scripting (XSS) vulnerability — AgentEasy Properties (WordPress plugin)	4.8	Medium	2022-11-02
CVE-2022-43670	XSS in Sling CMS Reference App Taxonomy Path — Apache Sling App CMS	5.4	-	2022-11-02
CVE-2022-43982	Apache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL — Apache Airflow	6.1	-	2022-11-02
CVE-2022-40190	SAUTER Controls moduWeb 跨站脚本漏洞 — moduWeb	8.8	High	2022-10-31
CVE-2022-40290	Reflected cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC. — PHP Point of Sale	6.1	-	2022-10-31
CVE-2022-40287	Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via user profile data fields. — PHP Point of Sale	9.0	-	2022-10-31
CVE-2022-40289	Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via file upload and download functionality. — PHP Point of Sale	9.0	-	2022-10-31
CVE-2022-39020	Cross-site scripting in Schoolbox version 21.0.2, by Schoolbox Pty Ltd — Schoolbox	7.6	High	2022-10-31
CVE-2022-40288	Stored cross-site scripting in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC via messaging functionality — PHP Point of Sale	9.0	-	2022-10-31
CVE-2022-41679	Cross-site scripting in Forma LMS version — Forma LMS	4.7	Medium	2022-10-31
CVE-2022-40739	Ragic, Inc. Ragic - Reflected XSS — Ragic	5.4	Medium	2022-10-31
CVE-2022-39027	e-Excellence Inc. U-Office Force - Stored XSS — U-Office Force	5.4	Medium	2022-10-31
CVE-2022-39026	e-Excellence Inc. U-Office Force - Stored XSS — U-Office Force	5.4	Medium	2022-10-31
CVE-2022-39025	e-Excellence Inc. U-Office Force - Reflected XSS — U-Office Force	6.1	Medium	2022-10-31
CVE-2022-39024	e-Excellence Inc. U-Office Force - Reflected XSS — U-Office Force	6.1	Medium	2022-10-31
CVE-2022-2167	Newspaper < 12 - Reflected Cross-Site Scripting — Newspaper	6.1	-	2022-10-31
CVE-2022-2190	Envira Gallery Lite < 1.8.4.7 - Reflected Cross-Site Scripting — Gallery Plugin for WordPress – Envira Photo Gallery	6.1	-	2022-10-31
CVE-2022-2627	Newspaper < 12 - Reflected Cross-Site Scripting — Newspaper	6.1	-	2022-10-31
CVE-2022-3237	WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting — WP Contact Slider	4.8	-	2022-10-31
CVE-2022-3408	WP Word Count <= 3.2.3 - Admin+ Stored Cross-Site Scripting — WP Word Count	4.8	-	2022-10-31
CVE-2022-3420	Official Integration for Billingo < 3.4.0 - ShopManager+ Stored XSS — Official Integration for Billingo	4.8	-	2022-10-31
CVE-2022-3440	Rock Convert < 2.6.0 - Reflected Cross-Site Scripting — Rock Convert	6.1	-	2022-10-31
CVE-2022-3441	Rock Convert < 2.11.0 - Admin+ Stored Cross-Site Scripting — Rock Convert	4.8	-	2022-10-31
CVE-2022-3765	Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq — thorsten/phpmyfaq	5.4	-	2022-10-31
CVE-2022-3766	Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq — thorsten/phpmyfaq	6.1	-	2022-10-31

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535