CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21530

21530 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2022-1445 | Stored Cross Site Scripting vulnerability in the checked_out_to parameter in snipe/snipe-it — snipe/snipe-it | 5.4 | - | 2022-04-24 |
| CVE-2022-1439 | Reflected XSS on demo.microweber.org/demo/module/ in microweber/microweber — microweber/microweber | 6.1 | - | 2022-04-22 |
| CVE-2021-32927 | Uffizio GPS Tracker Cross-site Scripting — GPS Tracker | 7.1 | High | 2022-04-22 |
| CVE-2022-26673 | ASUS RT-AX88U - Stored XSS — RT-AX88U | 5.4 | Medium | 2022-04-22 |
| CVE-2022-20788 | Cisco Unified Communications Products Cross-Site Scripting Vulnerability — Cisco Unified Communications Manager | 6.1 | Medium | 2022-04-21 |
| CVE-2022-20778 | Cisco Webex Meetings Cross-Site Scripting Vulnerability — Cisco Webex Meetings | 6.1 | Medium | 2022-04-21 |
| CVE-2021-35229 | Cross-Site Scripting Vulnerability using SQL Query — Database Performance Monitor | 6.8 | Medium | 2022-04-21 |
| CVE-2022-28820 | Adobe Consulting Services Reflected Cross-Site Scripting Arbitrary Code Execution — Experience Manager | 6.1 | Medium | 2022-04-21 |
| CVE-2022-24869 | Cross Site Scripting in GLPI — glpi | 4.6 | Medium | 2022-04-21 |
| CVE-2022-24868 | Cross site scripting via SVG file upload in GLPI — glpi | 7.3 | High | 2022-04-21 |
| CVE-2021-41162 | Cross-site Scripting in Combodo iTop — iTop | 9.3 | Critical | 2022-04-21 |
| CVE-2022-24870 | Stored Cross-site Scripting in Combodo iTop — iTop | 8.7 | High | 2022-04-21 |
| CVE-2021-41161 | XSS in csvimport in 3.0.0-beta versions — iTop | 9.3 | Critical | 2022-04-21 |
| CVE-2022-1022 | Cross-site Scripting (XSS) - Stored in chatwoot/chatwoot — chatwoot/chatwoot | 5.4 | - | 2022-04-21 |
| CVE-2022-24864 | Malicious Javascript injection in OriginProtocol/origin-website — origin-website | 4.1 | Medium | 2022-04-20 |
| CVE-2022-24799 | Cross Site Scripting in Wire Webapp — wire-webapp | 9.6 | Critical | 2022-04-20 |
| CVE-2021-23283 | Security issues in Eaton Intelligent Power Protector (IPP) — Eaton Intelligent Power Protector (IPP) | 5.2 | Medium | 2022-04-19 |
| CVE-2022-28222 | CleanTalk AntiSpam <= 5.173 Reflected XSS — CleanTalk AntiSpam | 6.1 | Medium | 2022-04-19 |
| CVE-2022-1187 | WP YouTube Live <= 1.7.21 - Reflected Cross-Site Scripting — WP YouTube Live | 6.1 | Medium | 2022-04-19 |
| CVE-2022-28221 | CleanTalk AntiSpam <= 5.173 Reflected XSS — CleanTalk AntiSpam | 6.1 | Medium | 2022-04-19 |
| CVE-2022-1112 | Autolinks <= 1.0.1 - Stored Cross-Site Scripting via CSRF — Autolinks | 5.4 | - | 2022-04-18 |
| CVE-2022-1091 | Safe SVG < 1.9.10 - SVG Sanitisation Bypass — Safe SVG | 6.1 | - | 2022-04-18 |
| CVE-2022-1090 | Good & Bad Comments <= 1.0.0 - Admin+ Stored Cross-Site Scripting — Good & Bad comments | 4.8 | - | 2022-04-18 |
| CVE-2022-1088 | Page Security & Membership <= 1.5.15 - Admin+ Stored Cross-Site Scripting — Page Security & Membership | 4.8 | - | 2022-04-18 |
| CVE-2022-1063 | Thank Me Later <= 3.3.4 - Admin+ Stored Cross-Site Scripting — Thank Me Later | 4.8 | - | 2022-04-18 |
| CVE-2022-1001 | WP Downgrade < 1.2.3 - Admin+ Stored Cross-Site Scripting — WP Downgrade \| Specific Core Version | 4.8 | - | 2022-04-18 |
| CVE-2022-0994 | Hummingbird < 3.3.2 - Admin+ Stored Cross-Site Scripting — Hummingbird – Optimize Speed, Enable Cache, Minify CSS & Defer Critical JS | 4.8 | - | 2022-04-18 |
| CVE-2022-0879 | Caldera Forms < 1.9.7 - Reflected Cross-Site Scripting — Caldera Forms – More Than Contact Forms | 6.1 | - | 2022-04-18 |
| CVE-2022-0780 | SearchIQ < 3.9 - Unauthenticated Stored XSS — SearchIQ – The Search Solution | 6.1 | - | 2022-04-18 |
| CVE-2022-0765 | Loco Translate < 2.6.1 - Authenticated Stored Cross-Site Scripting — Loco Translate | 4.8 | - | 2022-04-18 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) account for 21530 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.