
CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2015-20105 | ClickBank Affiliate Ads <= 1.20 - CSRF to Stored Cross-Site Scripting — ClickBank Affiliate Ads | 6.1 | - | 2021-12-02 |
| CVE-2021-23260 | Stored XSS Vulnerability in File Name of the File Upload function — Crafter CMS | 6.5 | Medium | 2021-12-02 |
| CVE-2020-35037 | Events Manager < 5.9.8 - Cross-Site Scripting (XSS) — Events Manager | 6.1 | - | 2021-12-01 |
| CVE-2021-25967 | CKAN - Stored Cross-Site Scripting (XSS) via SVG File Upload — ckan | 5.4 | Medium | 2021-12-01 |
| CVE-2021-3983 | Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2 — kevinpapst/kimai2 | 5.4 | - | 2021-12-01 |
| CVE-2021-3985 | Cross-site Scripting (XSS) - Stored in kevinpapst/kimai2 — kevinpapst/kimai2 | 5.4 | - | 2021-12-01 |
| CVE-2021-3994 | Cross-site Scripting (XSS) - Stored in django-helpdesk/django-helpdesk — django-helpdesk/django-helpdesk | 6.1 | - | 2021-12-01 |
| CVE-2021-4018 | Cross-site Scripting (XSS) - Stored in snipe/snipe-it — snipe/snipe-it | 5.4 | - | 2021-12-01 |
| CVE-2021-25987 | Hexo - Stored XSS — Hexo | 5.0 | Medium | 2021-11-30 |
| CVE-2021-42119 | Stored XSS in Search Function in TopEase — TopEase | 7.3 | High | 2021-11-30 |
| CVE-2021-42118 | Stored XSS in TopEase — TopEase | 8.1 | High | 2021-11-30 |
| CVE-2021-43787 | XSS via prototype pollution — NodeBB | 9.0 | Critical | 2021-11-29 |
| CVE-2021-44200 | Self cross-site scripting (XSS) was possible on devices page — Acronis Cyber Protect 15 | 6.1 | - | 2021-11-29 |
| CVE-2021-44202 | Stored cross-site scripting (XSS) was possible in activity details — Acronis Cyber Protect 15 | 5.4 | - | 2021-11-29 |
| CVE-2021-44203 | Stored cross-site scripting (XSS) was possible in protection plan details — Acronis Cyber Protect 15 | 5.4 | - | 2021-11-29 |
| CVE-2021-44201 | Cross-site scripting (XSS) was possible in notification pop-ups — Acronis Cyber Protect 15 | 6.1 | - | 2021-11-29 |
| CVE-2021-42365 | Asgaros Forums <= 1.15.13 Authenticated Stored XSS — Asgaros Forums | 4.8 | Medium | 2021-11-29 |
| CVE-2021-24927 | My Calendar < 3.2.18 - Subscriber+ Reflected Cross-Site Scripting — My Calendar | 5.4 | - | 2021-11-29 |
| CVE-2021-24918 | Smash Balloon Social Post Feed < 4.0.1 - Subscriber+ Arbitrary Plugin Settings Update to Stored XSS — Smash Balloon Social Post Feed | 5.4 | - | 2021-11-29 |
| CVE-2021-24908 | Check & Log Email < 1.0.4 - Reflected Cross-Site Scripting — Check & Log Email | 6.1 | - | 2021-11-29 |
| CVE-2021-24899 | Media-Tags <= 3.2.0.2 - Admin+ Stored Cross-Site Scripting — Media Tags | 4.8 | - | 2021-11-29 |
| CVE-2021-24883 | Popup Anything < 2.0.4 - Contributor+ Stored Cross-Site Scripting — Popup Anything – A Marketing Popup | 5.4 | - | 2021-11-29 |
| CVE-2021-24876 | Registrations for The Events Calendar < 2.7.5 - Reflected Cross-Site Scripting — Registrations for the Events Calendar – Event Registration Plugin | 6.1 | - | 2021-11-29 |
| CVE-2021-24822 | Stylish Cost Calculator < 7.04 - Subscriber+ Unauthorised AJAX Calls to Stored XSS — Stylish Cost Calculator | 5.4 | - | 2021-11-29 |
| CVE-2021-24811 | Shop Page WP < 1.2.8 - Admin+ Stored Cross-Site Scripting — Shop Page WP | 4.8 | - | 2021-11-29 |
| CVE-2021-24768 | WP RSS Aggregator < 4.19.2 - Admin+ Stored Cross-Site Scripting — WP RSS Aggregator – News Feeds, Autoblogging, Youtube Video Feeds and More | 4.8 | - | 2021-11-29 |
| CVE-2021-24751 | GenerateBlocks < 1.4.0 - Contributor+ Stored Cross-Site Scripting — GenerateBlocks | 5.4 | - | 2021-11-29 |
| CVE-2021-24745 | About Author Box < 1.0.2 - Contributor+ Stored Cross-Site Scripting — About Author Box | 5.4 | - | 2021-11-29 |
| CVE-2017-20008 | myCRED < 1.7.8 - Reflected Cross-Site Scripting — myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin | 6.1 | - | 2021-11-29 |
| CVE-2021-4020 | Cross-site Scripting (XSS) - Stored in meetecho/janus-gateway — meetecho/janus-gateway | 5.4 | - | 2021-11-27 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.