Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21519

21519 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-0812 LinkedIn SC <= 1.1.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Page — LinkedIn SC 4.4 Medium2026-01-14
CVE-2026-0739 WMF Mobile Redirector <= 1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings Parameters — WMF Mobile Redirector 4.4 Medium2026-01-14
CVE-2025-15486 Kunze Law <= 2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting — Kunze Law 4.4 Medium2026-01-14
CVE-2025-15021 Gotham Block Extra Light <= 1.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings — Gotham Block Extra Light 4.4 Medium2026-01-14
CVE-2025-12178 SpiceForms Form Builder <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — SpiceForms Form Builder 6.4 Medium2026-01-14
CVE-2025-15266 GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting — GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation 7.2 High2026-01-14
CVE-2025-13627 Makesweat <= 0.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'makesweat_clubid' Setting — Makesweat 4.4 Medium2026-01-14
CVE-2025-15378 AJS Footnotes <= 1.0 - Unauthenticated Stored Cross-Site Scripting — AJS Footnotes 7.2 High2026-01-14
CVE-2026-0694 SearchWiz <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title — SearchWiz 6.4 Medium2026-01-14
CVE-2025-15283 Name Directory <= 1.30.3 - Unauthenticated Stored Cross-Site Scripting via Multiple Parameters — Name Directory 7.2 High2026-01-14
CVE-2025-14379 Testimonials Creator 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting — Testimonials Creator 4.4 Medium2026-01-14
CVE-2026-0680 Real Post Slider Lite <= 2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Settings — Real Post Slider Lite 4.4 Medium2026-01-14
CVE-2025-14725 Internal Link Builder <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin's Settings — Internal Link Builder 4.4 Medium2026-01-14
CVE-2026-0594 List Site Contributors <= 1.1.8 - Reflected Cross-Site Scripting via alpha — List Site Contributors 6.1 Medium2026-01-14
CVE-2023-54332 Jetpack 11.4 - Cross Site Scripting (XSS) — Jetpack 6.1 Medium2026-01-13
CVE-2023-53985 Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS) — Zstore 6.1 Medium2026-01-13
CVE-2022-50896 Testa 3.5.1 Online Test Management System - Reflected Cross-Site Scripting (XSS) — Testa 6.1 Medium2026-01-13
CVE-2021-47750 YouPHPTube <= 7.8 - Cross-Site Scripting — YouPHPTube 6.1 Medium2026-01-13
CVE-2020-36919 WPForms 1.7.8 - Cross-Site Scripting (XSS) — WPForms 6.1 Medium2026-01-13
CVE-2023-54341 Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) via file Parameter — Webgrind 6.1 Medium2026-01-13
CVE-2022-50937 Ametys CMS v4.4.1 - Cross Site Scripting (XSS) — Ametys CMS 6.1 Medium2026-01-13
CVE-2022-50908 Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS) — Mailhog 7.2 High2026-01-13
CVE-2022-50906 e107 CMS v3.2.1 - Admin Upload Restriction Bypass + Stored XSS — e107 CMS 4.8 Medium2026-01-13
CVE-2022-50905 e107 CMS v3.2.1 - Reflected XSS via Comment Flow — e107 CMS 9.8 Critical2026-01-13
CVE-2022-50891 Owlfiles File Manager 12.0.1 Cross-Site Scripting via HTTP Server — Owlfiles File Manager 5.0 Medium2026-01-13
CVE-2025-68658 Open Source Point of Sale (opensourcepos) Stored XSS in Configuration (Information) – Company Name field — opensourcepos 4.3 Medium2026-01-13
CVE-2025-15056 Quill 2.0.3 - Lack of data validation in HTML export allowing XSS — Quill 6.1AIMediumAI2026-01-13
CVE-2026-20959 Microsoft SharePoint Server Spoofing Vulnerability — Microsoft SharePoint Enterprise Server 2016 4.6 Medium2026-01-13
CVE-2025-9427 Admin reflected XSS — WordPress add-on 6.1AIMediumAI2026-01-13
CVE-2026-0514 Cross-Site Scripting (XSS) vulnerability in SAP Business Connector — SAP Business Connector 6.1 Medium2026-01-13

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21519 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.