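CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.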

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-24410 | Telugu Bible Verse Daily <= 1.0 - CSRF to Stored XSS — తెలుగు బైబిల్ వచనములు | 6.1 | - | 2021-08-16 |
| CVE-2021-24411 | Social Tape <= 1.0 - CSRF to Stored XSS — Social Tape | 6.1 | - | 2021-08-16 |
| CVE-2021-24362 | Photo Gallery < 1.5.75 - Stored Cross-Site Scripting via Uploaded SVG — Photo Gallery by 10Web – Mobile-Friendly Image Gallery | 6.1 | - | 2021-08-16 |
| CVE-2021-25955 | Stored XSS in “Dolibarr” leads to privilege escalation — dolibarr | 9.0 | Critical | 2021-08-15 |
| CVE-2021-37695 | Execution of JavaScript code using malformed HTML in ckeditor — ckeditor4 | 7.3 | High | 2021-08-12 |
| CVE-2021-37700 | Clipboard-based DOM-XSS — paste-markdown | 6.5 | Medium | 2021-08-12 |
| CVE-2021-32808 | Cross-site scripting in ckeditor via abuse of undo functionality — ckeditor4 | 7.6 | High | 2021-08-12 |
| CVE-2021-34640 | Securimage-WP-Fixed <= 3.5.4 Reflected Cross-Site Scripting — Securimage-WP-Fixed | 6.1 | Medium | 2021-08-11 |
| CVE-2021-32768 | Cross-Site Scripting via Rich-Text Content — TYPO3.CMS | 6.1 | Medium | 2021-08-10 |
| CVE-2021-33702 | SAP Enterprise Portal cross-site scripting vulnerability — SAP NetWeaver Enterprise Portal | 6.1 | - | 2021-08-10 |
| CVE-2021-33703 | SAP Netweaver cross-site scripting vulnerability — SAP NetWeaver Enterprise Portal (Application Extensions) | 6.1 | - | 2021-08-10 |
| CVE-2021-22676 | Advantech WebAccess/SCADA cross-site scripting vulnerability — WebAccess/SCADA | 6.1 | - | 2021-08-10 |
| CVE-2021-32798 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook — notebook | 10.0 | Critical | 2021-08-09 |
| CVE-2021-32797 | JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form> — jupyterlab | 7.4 | High | 2021-08-09 |
| CVE-2021-37634 | LeafKit allows XSS with untrusted user input — leaf-kit | 7.4 | High | 2021-08-09 |
| CVE-2021-37633 | XSS via d-popover and d-html-popover attribute — discourse | 7.4 | High | 2021-08-09 |
| CVE-2021-34660 | WP Fusion Lite <= 3.37.18 Reflected Cross-Site Scripting — WP Fusion Lite | 6.1 | Medium | 2021-08-09 |
| CVE-2021-24522 | ProfilePress < 3.1.11 - Unauthenticated Cross-Site Scripting (XSS) in tabbed login/register widget — User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) | 6.1 | - | 2021-08-09 |
| CVE-2021-24509 | Page View Counts < 2.4.9 - Contributor+ Stored XSS — Page View Count | 5.4 | - | 2021-08-09 |
| CVE-2021-24505 | Forms < 1.12.3 - Authenticated Stored Cross-Site Scripting (XSS) — Forms | 5.4 | - | 2021-08-09 |
| CVE-2021-24502 | WP Google Map < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS) — Maps Plugin using Google Maps for WordPress – WP Google Map | 4.8 | - | 2021-08-09 |
| CVE-2021-24495 | Marmoset Viewer < 1.9.3 - Reflected Cross Site Scripting — Marmoset Viewer | 6.1 | - | 2021-08-09 |
| CVE-2021-24304 | Newsmag < 5.0 - Unauthenticated Reflected Cross-site Scripting (XSS) — Newsmag | 6.1 | - | 2021-08-09 |
| CVE-2021-37211 | Larvata Digital Technology Co. Ltd. FLYGO - Stored XSS — FLYGO | 5.4 | Medium | 2021-08-09 |
| CVE-2021-37859 | Reflected XSS in OAuth Flow — Mattermost | 7.1 | High | 2021-08-05 |
| CVE-2021-3539 | EspoCRM Avatar Persistent XSS — EspoCRM | 6.3 | Medium | 2021-08-04 |
| CVE-2021-36805 | Akaunting Invoice Footer Persistent XSS — Akaunting | 5.2 | Medium | 2021-08-04 |
| CVE-2021-36803 | Akaunting Avatar Persistent XSS — Akaunting | 6.3 | Medium | 2021-08-04 |
| CVE-2021-32793 | Stored XSS Vulnerability in the Pi-hole Webinterface — AdminLTE | 5.7 | Medium | 2021-08-04 |
| CVE-2021-21581 | Dell EMC iDRAC9 cross-site scripting vulnerability — Integrated Dell Remote Access Controller (iDRAC) | 6.5 | Medium | 2021-08-03 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21520 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.