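CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.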

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-43855 | Stored XSS via SVG in Requarks/wiki — wiki | 8.2 | High | 2021-12-27 |
| CVE-2021-43856 | Stored XSS in non-image uploads in Requarks/wiki — wiki | 8.2 | High | 2021-12-27 |
| CVE-2021-24992 | Buttonizer - Smart Floating Action Button < 2.5.5 - Admin+ Stored Cross-Site Scripting — Smart Floating / Sticky Buttons – Call, Sharing, Chat Widgets & More – Buttonizer | 4.8 | - | 2021-12-27 |
| CVE-2021-24984 | WPFront User Role Editor < 3.2.1.11184 - Reflected Cross-Site Scripting — WPFront User Role Editor | 6.1 | - | 2021-12-27 |
| CVE-2021-24988 | WP RSS Aggregator < 4.19.3 - Subscriber+ Stored Cross-Site Scripting — WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and More | 5.4 | - | 2021-12-27 |
| CVE-2021-24980 | Gwolle Guestbook < 4.2.0 - Reflected Cross-Site Scripting — Gwolle Guestbook | 6.1 | - | 2021-12-27 |
| CVE-2021-24979 | Paid Memberships Pro < 2.6.6 - Reflected Cross-Site Scripting — Paid Memberships Pro | 6.1 | - | 2021-12-27 |
| CVE-2021-24967 | Contact Form & Lead Form Elementor Builder < 1.6.4 - Unauthenticated Stored Cross-Site Scripting — Contact Form & Lead Form Elementor Builder | 6.1 | - | 2021-12-27 |
| CVE-2021-24969 | Download Manager < 3.2.22 - Subscriber+ Stored Cross-Site Scripting — WordPress Download Manager | 5.4 | - | 2021-12-27 |
| CVE-2021-24902 | Typebot < 1.4.3 - Admin+ Stored Cross Site Scripting — Typebot \| Build beautiful conversational forms | 4.8 | - | 2021-12-27 |
| CVE-2021-24797 | Tickera < 3.4.8.3 - Unauthenticated Stored Cross-Site Scripting — Tickera – WordPress Event Ticketing | 6.1 | - | 2021-12-27 |
| CVE-2021-4169 | Cross-site Scripting (XSS) - Reflected in livehelperchat/livehelperchat — livehelperchat/livehelperchat | 6.1 | - | 2021-12-26 |
| CVE-2021-3977 | Cross-site Scripting (XSS) - Stored in invoiceninja/invoiceninja — invoiceninja/invoiceninja | 6.1 | - | 2021-12-24 |
| CVE-2021-4072 | Cross-site Scripting (XSS) - Stored in elgg/elgg — elgg/elgg | 6.1 | - | 2021-12-24 |
| CVE-2021-44543 | Privoxy cross-site scripting vulnerability — privoxy | 6.1 | - | 2021-12-23 |
| CVE-2021-43853 | Cross-Site Scripting in AjaxNetProfessional — Ajax.NET-Professional | 8.7 | High | 2021-12-22 |
| CVE-2021-23228 | Delta Electronics DIAEnergie (Update A) — DIAEnergie | 7.5 | High | 2021-12-22 |
| CVE-2021-31558 | Delta Electronics DIAEnergie (Update A) — DIAEnergie | 6.5 | Medium | 2021-12-22 |
| CVE-2021-44544 | Delta Electronics DIAEnergie (Update A) — DIAEnergie | 7.5 | High | 2021-12-22 |
| CVE-2021-44471 | Delta Electronics DIAEnergie (Update A) — DIAEnergie | 7.5 | High | 2021-12-22 |
| CVE-2021-36885 | WordPress Contact Form 7 Database Addon – CFDB7 plugin <= 1.2.6.1 - Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability — Contact Form 7 Database Addon – CFDB7 (WordPress plugin) | 6.1 | Medium | 2021-12-22 |
| CVE-2021-4139 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore — pimcore/pimcore | 5.4 | - | 2021-12-21 |
| CVE-2021-24956 | Blog2Social < 6.8.7 - Reflected Cross-Site Scripting — Blog2Social: Social Media Auto Post & Scheduler | 6.1 | - | 2021-12-21 |
| CVE-2021-24941 | Icegram < 2.0.5 - Reflected Cross-Site Scripting — Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram | 6.1 | - | 2021-12-21 |
| CVE-2021-24907 | Everest Forms < 1.8.0 - Reflected Cross-Site Scripting — Contact Form, Drag and Drop Form Builder for WordPress – Everest Forms | 6.1 | - | 2021-12-21 |
| CVE-2021-24738 | Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting — Logo Carousel – Logo Slider, Logo Showcase, and Clients Logo Gallery | 5.4 | - | 2021-12-21 |
| CVE-2021-24578 | SportsPress < 2.7.9 - Reflected Cross-Site Scripting — SportsPress – Sports Club & League Manager | 6.1 | - | 2021-12-21 |
| CVE-2021-43842 | Stored XSS via SVG file upload in Wiki.js — wiki | 5.4 | Medium | 2021-12-20 |
| CVE-2021-36889 | WordPress tarteaucitron.js – Cookies legislation & GDPR plugin <= 1.6 - Multiple Stored Authenticated Cross-Site Scripting (XSS) vulnerabilities — tarteaucitron.js – Cookies legislation & GDPR (WordPress plugin) | 3.4 | Low | 2021-12-20 |
| CVE-2021-44163 | Chain Sea Information Integration Co., Ltd ai chatbot system - Reflected XSS — ai chatbot system | 6.1 | Medium | 2021-12-20 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.