
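CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21519

21519 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.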

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-50006 | WordPress xSmart theme <= 1.2.9.4 - Reflected Cross Site Scripting (XSS) vulnerability — xSmart | 7.1 | High | 2026-01-22 |
| CVE-2025-50005 | WordPress tagDiv Composer plugin <= 5.4.2 - Cross Site Scripting (XSS) vulnerability — tagDiv Composer | 6.5 | Medium | 2026-01-22 |
| CVE-2025-49249 | WordPress Drone theme <= 1.40 - Reflected Cross Site Scripting (XSS) vulnerability — Drone | 7.1 | High | 2026-01-22 |
| CVE-2025-49066 | WordPress Accordion Slider PRO plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability — Accordion Slider PRO | 7.1 | High | 2026-01-22 |
| CVE-2025-49336 | WordPress Pondol BBS plugin <= 1.1.8.4 - Cross Site Scripting (XSS) vulnerability — Pondol BBS | 5.9 | Medium | 2026-01-22 |
| CVE-2025-49045 | WordPress Super Interactive Maps plugin <= 2.3 - Reflected Cross Site Scripting (XSS) vulnerability — Super Interactive Maps | 7.1 | High | 2026-01-22 |
| CVE-2025-49046 | WordPress xPromoter plugin <= 1.3.4 - Reflected Cross Site Scripting (XSS) vulnerability — xPromoter | 7.1 | High | 2026-01-22 |
| CVE-2025-47666 | WordPress Image&Video FullScreen Background plugin <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability — Image&Video FullScreen Background | 7.1 | High | 2026-01-22 |
| CVE-2025-48094 | WordPress Magic Slider plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability — Magic Slider | 7.1 | High | 2026-01-22 |
| CVE-2025-49043 | WordPress Magic Responsive Slider and Carousel WordPress plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability — Magic Responsive Slider and Carousel WordPress | 7.1 | High | 2026-01-22 |
| CVE-2025-47500 | WordPress Stackable plugin <= 3.19.5 - Cross Site Scripting (XSS) vulnerability — Stackable | 5.9 | Medium | 2026-01-22 |
| CVE-2025-27005 | WordPress HTML5 Video Player plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability — HTML5 Video Player | 7.1 | High | 2026-01-22 |
| CVE-2025-32123 | WordPress HTML5 Video Player with Playlist & Multiple Skins plugin <= 5.3.5 - Reflected Cross Site Scripting (XSS) vulnerability — HTML5 Video Player with Playlist & Multiple Skins | 7.1 | High | 2026-01-22 |
| CVE-2025-65098 | Typebot Vulnerable to Credential Theft via Client-Side Script Execution and API Authorization Bypass — typebot.io | 7.4 | High | 2026-01-22 |
| CVE-2025-67683 | Reflected XSS in Quick.Cart — Quick.Cart | 6.1 (AI) | Medium (AI) | 2026-01-22 |
| CVE-2025-4763 | XSS in Aida Computer's Hotspot — Hotel Guest Hotspot | 5.5 | Medium | 2026-01-22 |
| CVE-2026-24037 | Horilla HRM has XSS Bypass through Project Name — horilla | 4.8 | Medium | 2026-01-22 |
| CVE-2025-27380 | HTML Injection Leading to Script Execution in Altium Enterprise Server — AES | 7.6 | High | 2026-01-22 |
| CVE-2025-27379 | Stored Cross-Site Scripting in AES BOM Viewer — AES | 6.8 | Medium | 2026-01-22 |
| CVE-2026-23887 | Group-Office has stored XSS vulnerability via unsanitized filenames — groupoffice | 5.4 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2026-23630 | Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering — docmost | 5.4 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2026-23960 | Argo Workflows affected by stored XSS in the artifact directory listing — argo-workflows | 5.4 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2026-23499 | Saleor vulnerable to stored XSS via Unrestricted File Upload — saleor | 6.5 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2026-22808 | Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability — fleet | 8.8 (AI) | High (AI) | 2026-01-21 |
| CVE-2021-47870 | GetSimple CMS My SMTP Contact Plugin 1.1.2 - Stored XSS — My SMTP Contact Plugin | 5.4 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2021-47873 | VestaCP < 0.9.8-25 - Stored Cross-Site Scripting — VestaCP | 7.2 | High | 2026-01-21 |
| CVE-2021-47858 | Genexis Platinum-4410 P4410-V2-1.31A - 'start_addr' Persistent Cross-Site Scripting — Platinum-4410 | 7.2 | High | 2026-01-21 |
| CVE-2021-47855 | Openlitespeed 1.7.9 - 'Notes' Stored Cross-Site Scripting — OpenLiteSpeed | 7.2 | High | 2026-01-21 |
| CVE-2021-47857 | Moodle 3.10.3 - 'label' Persistent Cross Site Scripting — Moodle | 7.2 | High | 2026-01-21 |
| CVE-2021-47817 | OpenEMR 5.0.2.1 - Remote Code Execution — OpenEMR | 5.4 | Medium | 2026-01-21 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21519 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.