CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-21577 | DELL Dell EMC iDRAC9 cross-site scripting vulnerability — Integrated Dell Remote Access Controller (iDRAC) | 6.1 | Medium | 2021-08-03 |
| CVE-2021-21576 | DELL Dell EMC iDRAC9 cross-site scripting vulnerability — Integrated Dell Remote Access Controller (iDRAC) | 6.1 | Medium | 2021-08-03 |
| CVE-2021-32812 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') and Improper Encoding or Escaping of Output in frontend/server/server.js — monkshu | 4.6 | Medium | 2021-08-02 |
| CVE-2021-34635 | Poll Maker <= 3.2.8 - Reflected Cross-Site Scripting — Poll Maker | 6.1 | Medium | 2021-08-02 |
| CVE-2021-37216 | QSAN Storage Manager - Reflected Cross-Site Scripting — Storage Manager XN8008T | 6.1 | Medium | 2021-08-02 |
| CVE-2021-24504 | WP LMS <= 1.1.2 - Stored Cross-Site Scripting (XSS) — WP LMS – Best WordPress LMS Plugin | 6.1 | - | 2021-08-02 |
| CVE-2021-24503 | Popular Brand SVG Icons - Simple Icons < 2.7.8 - Contributor+ Stored XSS — Popular Brand Icons – Simple Icons | 5.4 | - | 2021-08-02 |
| CVE-2021-24498 | Calendar Event Multi View < 1.4.01 - Unauthenticated Reflected Cross-Site Scripting (XSS) — Calendar Event Multi View | 6.1 | - | 2021-08-02 |
| CVE-2021-24496 | Community Event < 1.4.8 - Reflected Cross-Site Scripting (XSS) — Community Events | 6.1 | - | 2021-08-02 |
| CVE-2021-24488 | Post Grid < 2.1.8 - Reflected Cross-Site Scripting (XSS) — Post Grid | 6.1 | - | 2021-08-02 |
| CVE-2021-24481 | Any Hostname <= 1.0.6 - Authenticated Stored Cross-Site Scripting (XSS) — Any Hostname | 4.8 | - | 2021-08-02 |
| CVE-2021-24480 | Event Geek <= 2.5.2 - Stored Cross-site Scripting (XSS) — Event Geek | 4.8 | - | 2021-08-02 |
| CVE-2021-24479 | DrawBlog <= 0.90 - Authenticated Stored Cross-Site Scripting (XSS) — DrawBlog | 4.8 | - | 2021-08-02 |
| CVE-2021-24478 | Bookshelf <= 2.0.4 - Authenticated Stored Cross-Site Scripting (XSS) — Bookshelf | 5.4 | - | 2021-08-02 |
| CVE-2021-24477 | Migrate Users <= 1.0.1 - CSRF to Stored Cross-Site Scripting (XSS) — Migrate Users | 6.1 | - | 2021-08-02 |
| CVE-2021-24476 | Steam Group Viewer <= 2.1 - Authenticated Stored Cross-Site Scripting (XSS) — Steam Group Viewer | 5.4 | - | 2021-08-02 |
| CVE-2021-24474 | Awesome Weather Widget <= 3.0.2 - Reflected Cross-site Scripting (XSS) — Awesome Weather Widget | 6.1 | - | 2021-08-02 |
| CVE-2021-24470 | Yada Wiki < 3.4.1 - Contributor+ Stored XSS — Yada Wiki | 5.4 | - | 2021-08-02 |
| CVE-2021-24468 | Leaflet Map < 3.0.0 - Contributor+ Stored XSS — Leaflet Map | 5.4 | - | 2021-08-02 |
| CVE-2021-24464 | YouTube Embed, Playlist and Popup < 2.3.9 - Contributor+ Stored XSS — YouTube Embed, Playlist and Popup by WpDevArt | 5.4 | - | 2021-08-02 |
| CVE-2021-24455 | Tutor LMS < 1.9.2 - Authenticated Stored Cross-Site Scripting (XSS) — Tutor LMS – eLearning and online course solution | 5.4 | - | 2021-08-02 |
| CVE-2021-24450 | ProfilePress < 3.1.8 - Authenticated Stored XSS — User Registration, User Profiles, Login & Membership – ProfilePress (Formerly WP User Avatar) | 4.8 | - | 2021-08-02 |
| CVE-2021-24448 | Profile Builder < 3.4.8 - Authenticated Stored XSS — User Registration & User Profile – Profile Builder | 4.8 | - | 2021-08-02 |
| CVE-2021-24443 | Youzify < 1.0.7 - Stored Cross-Site Scripting via Biography — Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress | 5.4 | - | 2021-08-02 |
| CVE-2021-24428 | RSS for Yandex Turbo <= 1.30 - Authenticated Stored XSS — RSS for Yandex Turbo | 4.8 | - | 2021-08-02 |
| CVE-2021-24425 | myStickymenu < 2.5.2 - Authenticated Stored XSS — Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu | 4.8 | - | 2021-08-02 |
| CVE-2021-24444 | TaxoPress < 3.0.7.2 - Authenticated Stored Cross-Site Scripting (XSS) — TaxoPress – Create and Manage Taxonomies, Tags, Categories | 4.8 | - | 2021-08-02 |
| CVE-2021-35030 | Zyxel GS1900-8 cross-site scripting vulnerability — GS1900-8 Firmware | 3.5 | Low | 2021-07-26 |
| CVE-2021-36092 | XSS attack using special link in email — ((OTRS)) Community Edition | 6.5 | Medium | 2021-07-26 |
| CVE-2021-21442 | XSS vulnerability in Time Accounting — Time Accounting | 4.5 | Medium | 2021-07-26 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21520 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.