CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21524

21524 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-33179 | Nagios XI cross-site scripting vulnerability — Nagios XI | 5.4 | - | 2021-10-14 |
| CVE-2021-41139 | Reflected XSS vulnerability in time.php — timetracker | 8.1 | High | 2021-10-13 |
| CVE-2021-24737 | Comments - wpDiscuz <= 7.3.0 - Admin+ Stored Cross-Site Scripting — Comments – wpDiscuz | 4.8 | - | 2021-10-11 |
| CVE-2021-24720 | GeoDirectory < 2.1.1.3 - Authenticated Stored Cross-Site Scripting (XSS) — Business Directory Plugin \| GeoDirectory | 5.4 | - | 2021-10-11 |
| CVE-2021-24719 | Enfold Theme < 4.8.4 - Reflected Cross-Site Scripting (XSS) — Enfold | 6.1 | - | 2021-10-11 |
| CVE-2021-24712 | Appointment Hour Booking – WordPress Booking Plugin < 1.3.17 - Authenticated Stored XSS — Appointment Hour Booking – WordPress Booking Plugin | 5.4 | - | 2021-10-11 |
| CVE-2021-24709 | Weather Effect < 1.3.6 - Admin+ Stored Cross-Site Scripting — Weather Effect – Christmas Santa Snow Falling | 4.8 | - | 2021-10-11 |
| CVE-2021-24691 | Quiz And Survey Master < 7.3.2 - Admin+ Stored Cross-Site Scripting — Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress | 4.8 | - | 2021-10-11 |
| CVE-2021-24690 | Chained Quiz < 1.2.7.2 - Authenticated Stored Cross Site Scripting — Chained Quiz | 5.4 | - | 2021-10-11 |
| CVE-2021-24681 | Duplicate Page <= 4.4.2 - Admin+ Stored Cross-Site Scripting — Duplicate Page | 4.8 | - | 2021-10-11 |
| CVE-2021-24656 | Simple Social Media Share Buttons < 3.2.4 - Authenticated Stored Cross-Site Scripting — Simple Social Media Share Buttons – Social Sharing for Everyone | 4.8 | - | 2021-10-11 |
| CVE-2021-24577 | Coming Soon and Maintenance Mode < 3.5.3 - Authenticated Stored XSS — Coming soon and Maintenance mode | 5.4 | - | 2021-10-11 |
| CVE-2021-24576 | Easy Accordion < 2.0.22 - Authenticated Stored XSS — Easy Accordion – Best Accordion FAQ Plugin for WordPress | 4.7 | - | 2021-10-11 |
| CVE-2021-24563 | Frontend Uploader <= 1.3.2 - Unauthenticated Stored Cross-Site Scripting — Frontend Uploader | 5.4 | - | 2021-10-11 |
| CVE-2021-24545 | WP HTML Author Bio <= 1.2.0 - Author+ Stored Cross-Site Scripting — WP HTML Author Bio | 5.4 | - | 2021-10-11 |
| CVE-2021-41567 | Tad Uploader - Stored XSS — Uploader | 6.1 | Medium | 2021-10-08 |
| CVE-2021-41565 | Tad TadTools - Reflected XSS — TadTools | 6.1 | Medium | 2021-10-08 |
| CVE-2021-41563 | Tad Book3 - Stored XSS — Tad Book3 | 6.1 | Medium | 2021-10-08 |
| CVE-2021-3834 | Integria IMS vulnerable to Cross Site Scripting (XSS) — Integria IMS | 5.4 | Medium | 2021-10-07 |
| CVE-2021-34742 | Cisco Vision Dynamic Signage Director Reflected Cross-Site Scripting Vulnerability — Cisco Vision Dynamic Signage Director | 6.1 | Medium | 2021-10-06 |
| CVE-2021-39350 | FV Flowplayer Video Player <= 7.5.0.727 - 7.5.2.727 Reflected Cross-Site Scripting — FV Flowplayer Video Player | 6.1 | - | 2021-10-06 |
| CVE-2021-23856 | Reflected Cross-Site-Scripting — IndraMotion MLC L20, L40 | 10.0 | Critical | 2021-10-04 |
| CVE-2021-25964 | Stored Cross-Site Scripting (XSS) in Calibre-web via Description Field in Metadata — calibreweb | 5.4 | Medium | 2021-10-04 |
| CVE-2021-24687 | Modern Events Calendar Lite < 5.22.2 - Admin+ Stored Cross-Site Scripting — Modern Events Calendar Lite | 4.8 | - | 2021-10-04 |
| CVE-2021-24679 | Bitcoin / AltCoin Payment Gateway for WooCommerce < 1.6.1 - Reflected Cross-Site Scripting — Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop | 6.1 | - | 2021-10-04 |
| CVE-2021-24678 | CM Tooltip Glossary < 3.9.21 - Contributor+ Stored Cross-Site Scripting — CM Tooltip Glossary – Better SEO and UEX for your WP site | 5.4 | - | 2021-10-04 |
| CVE-2021-24676 | Better Find and Replace < 1.2.9 - Reflected Cross-Site Scripting — Better Find and Replace | 6.1 | - | 2021-10-04 |
| CVE-2021-24673 | Appointment Hour Booking < 1.3.16 - Authenticated Stored Cross-Site Scripting — Appointment Hour Booking – WordPress Booking Plugin | 4.8 | - | 2021-10-04 |
| CVE-2021-24654 | User Registration < 2.0.2 - Low Privilege Stored Cross-Site Scripting — User Registration – Custom Registration Form, Login And User Profile For WordPress | 5.4 | - | 2021-10-04 |
| CVE-2021-29110 | Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. — Portal for ArcGIS | 5.4 | - | 2021-10-01 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21524 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.