
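CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21519

21519 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.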

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-13701 | Shabat Keeper <= 0.4.4 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Shabat Keeper | 6.1 | Medium | 2026-01-09 |
| CVE-2025-13852 | Debt.com Business in a Box <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Debt.com Business in a Box | 6.4 | Medium | 2026-01-09 |
| CVE-2025-13893 | Lesson Plan Book <= 1.3 - Reflected Cross-Site Scripting — Lesson Plan Book | 6.1 | Medium | 2026-01-09 |
| CVE-2025-13903 | PullQuote <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — PullQuote | 6.4 | Medium | 2026-01-09 |
| CVE-2025-9222 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.7 | High | 2026-01-09 |
| CVE-2025-13761 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.0 | High | 2026-01-09 |
| CVE-2025-13895 | Top Position Google Finance <= 0.1.0 - Reflected Cross-Site Scripting — Top Position Google Finance | 6.1 | Medium | 2026-01-09 |
| CVE-2025-13900 | WP Popup Magic <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute — WP Popup Magic | 6.4 | Medium | 2026-01-09 |
| CVE-2025-13853 | Nearby Now Reviews <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Nearby Now Reviews | 6.4 | Medium | 2026-01-09 |
| CVE-2025-13729 | Entry Views <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Entry Views | 6.4 | Medium | 2026-01-09 |
| CVE-2026-0627 | AMP for WP <= 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via SVG File Upload — AMP for WP – Accelerated Mobile Pages | 6.4 | Medium | 2026-01-09 |
| CVE-2025-14937 | Frontend Admin by DynamiApps <= 3.28.23 - Unauthenticated Stored Cross-Site Scripting via 'update_field' — Frontend Admin by DynamiApps | 7.2 | High | 2026-01-09 |
| CVE-2025-15055 | SlimStat Analytics <= 5.3.4 - Unauthenticated Stored Cross-Site Scripting via 'notes/resource' Parameters — SlimStat Analytics | 7.2 | High | 2026-01-09 |
| CVE-2025-14893 | IndieWeb <= 4.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via 'Telephone' Parameter — IndieWeb | 6.4 | Medium | 2026-01-09 |
| CVE-2025-15057 | SlimStat Analytics <= 5.3.3 - Unauthenticated Stored Cross-Site Scripting via 'fh' Parameter — SlimStat Analytics | 7.2 | High | 2026-01-09 |
| CVE-2026-0563 | WP Google Street View (with 360° virtual tour) & Google maps + Local SEO <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpgsv_map' Shortcode — WP Google Street View (with 360° virtual tour) & Google maps + Local SEO | 6.4 | Medium | 2026-01-09 |
| CVE-2025-15019 | BIALTY - Bulk Image Alt Text (Alt tag, Alt Attribute) with Yoast SEO + WooCommerce <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) | 6.4 | Medium | 2026-01-09 |
| CVE-2026-22713 | Stored XSS through edit summaries in GrowthExperiments — Mediawiki - GrowthExperiments Extension | 6.1 | - | 2026-01-09 |
| CVE-2026-22714 | i18n XSS, DoS and config SQLI in Monaco — Mediawiki - Monaco Skin | 6.1 | - | 2026-01-08 |
| CVE-2026-22710 | Stored XSS through autocomment system messages in Wikibase — Mediawiki - Wikibase Extension | 6.1 | - | 2026-01-08 |
| CVE-2026-0730 | PHPGurukul Staff Leave Management System SVG File adminviews.py UPDATE_STAFF cross site scripting — Staff Leave Management System | 2.4 | Low | 2026-01-08 |
| CVE-2025-14436 | Brevo for WooCommerce <= 4.0.49 - Unauthenticated Stored Cross-Site Scripting — Brevo for WooCommerce | 7.2 | High | 2026-01-08 |
| CVE-2026-22257 | Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names — salvo | 8.8 | High | 2026-01-08 |
| CVE-2026-22256 | Salvo is vulnerable to reflected XSS in the list_html function — salvo | 8.8 | High | 2026-01-08 |
| CVE-2026-22233 | OPEXUS eCASE Audit Project Cost stored XSS — eCASE Audit | 5.5 | Medium | 2026-01-08 |
| CVE-2026-22232 | OPEXUS eCASE Audit Project Setup stored XSS — eCASE Audit | 5.5 | Medium | 2026-01-08 |
| CVE-2026-22231 | OPEXUS eCASE Audit Document Check Out stored XSS — eCASE Audit | 5.5 | Medium | 2026-01-08 |
| CVE-2026-22587 | Ideagen DevonWay Reports page stored XSS — DevonWay | 5.5 | Medium | 2026-01-08 |
| CVE-2026-0671 | Multiple stored i18n/message-key XSSes in UploadWizard — MediaWiki - UploadWizard extension | 6.1 | - | 2026-01-08 |
| CVE-2026-22518 | WordPress X Addons for Elementor plugin <= 1.0.23 - Cross Site Scripting (XSS) vulnerability — X Addons for Elementor | 6.5 | Medium | 2026-01-08 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21519 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.