CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21534

21534 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2022-36107	Stored Cross-Site Scripting via FileDumpController — typo3	6.5	Medium	2022-09-13
CVE-2022-36108	Cross-Site Scripting in typo3/cms-core — typo3	6.5	Medium	2022-09-13
CVE-2022-36020	Bypass of Cross-Site Scripting Protection in typo3/html-sanitizer — html-sanitizer	6.1	Medium	2022-09-13
CVE-2022-39799	SAP GUI 跨站脚本漏洞 — SAP NetWeaver AS ABAP (SAP GUI for HTML within the Fiori Launchpad)	6.1	-	2022-09-13
CVE-2022-35298	SAP NetWeaver Enterprise Portal 跨站脚本漏洞 — SAP NetWeaver Enterprise Portal (KMC)	6.1	-	2022-09-13
CVE-2022-35294	SAP NetWeaver Application Server 跨站脚本漏洞 — SAP NetWeaver AS ABAP	5.4	-	2022-09-13
CVE-2022-36778	Synel - eHarmony Stored XSS — eHarmony	6.5	Medium	2022-09-13
CVE-2022-37335	WordPress Word Search Puzzles game plugin <= 2.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability — Word Search Puzzles game (WordPress plugin)	4.8	Medium	2022-09-09
CVE-2022-37407	WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities — Gallery PhotoBlocks (WordPress plugin)	4.1	Medium	2022-09-09
CVE-2022-35275	WordPress Advanced Order Export For WooCommerce plugin <= 3.3.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability — Advanced Order Export For WooCommerce (WordPress plugin)	4.8	Medium	2022-09-09
CVE-2022-37404	WordPress add2fav plugin <= 1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability — add2fav (WordPress plugin)	4.8	Medium	2022-09-09
CVE-2022-37412	WordPress Better Delete Revision plugin <= 1.6.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability — Better Delete Revision (WordPress plugin)	4.8	Medium	2022-09-09
CVE-2022-37403	WordPress Add User Role plugin <= 0.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability — Add User Role (WordPress plugin)	4.8	Medium	2022-09-09
CVE-2022-36356	WordPress Culture Object plugin <= 4.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability — Culture Object (WordPress plugin)	4.8	Medium	2022-09-09
CVE-2022-40191	WordPress Contact Form By Mega Forms plugin <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability — Contact Form By Mega Forms (WordPress plugin)	5.4	Medium	2022-09-09
CVE-2022-35725	WordPress wp-forecast plugin <= 7.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability — wp-forecast (WordPress plugin)	4.8	Medium	2022-09-09
CVE-2022-38068	WordPress Export Post Info plugin <= 1.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability — Export Post Info (WordPress plugin)	4.8	Medium	2022-09-09
CVE-2022-2925	Cross-site Scripting (XSS) - Stored in appwrite/appwrite — appwrite/appwrite	5.4	-	2022-09-09
CVE-2022-36098	XWiki Platform Mentions UI vulnerable to Cross-site Scripting — xwiki-platform	8.9	High	2022-09-08
CVE-2022-36097	XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form — xwiki-platform	8.9	High	2022-09-08
CVE-2022-36096	XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list — xwiki-platform	8.9	High	2022-09-08
CVE-2022-36094	XWiki Platform Web Parent POM vulnerable to XSS in the attachment history — xwiki-platform	8.9	High	2022-09-08
CVE-2022-3138	Cross-site Scripting (XSS) - Generic in jgraph/drawio — jgraph/drawio	6.1	-	2022-09-08
CVE-2022-3148	Cross-site Scripting (XSS) - Generic in jgraph/drawio — jgraph/drawio	6.1	-	2022-09-08
CVE-2022-36080	Wikmd Cross-site Scripting vulnerability — wikmd	6.1	Medium	2022-09-07
CVE-2022-2935	Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Media URL — Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)	6.4	Medium	2022-09-06
CVE-2022-2716	Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Text Editor — Beaver Builder – WordPress Page Builder	6.4	Medium	2022-09-06
CVE-2022-2934	Beaver Builder – WordPress Page Builder <= 2.5.5.2 - Authenticated Stored Cross-Site Scripting via Image URL — Beaver Builder – WordPress Page Builder	6.4	Medium	2022-09-06
CVE-2022-2936	Image Hover Effects Ultimate <= 9.7.3 - Authenticated Stored Cross-Site Scripting via Video Link — Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)	6.4	Medium	2022-09-06
CVE-2022-2941	WP-UserOnline <= 2.88.0 - Authenticated (Admin+) Stored Cross-Site Scripting — WP-UserOnline	5.5	Medium	2022-09-06

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21534 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21534