
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2019-25277 | FaceSentry Access Control System 6.4.8 Reflected Cross-Site Scripting via pluginInstall.php — FaceSentry Access Control System | 6.1 | Medium | 2026-01-07 |
| CVE-2019-25270 | SOCA Access Control System 180612 Reflected Cross-Site Scripting via logged_page.php — SOCA Access Control System | 6.1 | Medium | 2026-01-07 |
| CVE-2025-12776 | Stored Cross-Site Scripting — WebConsole | 5.4 | - | 2026-01-07 |
| CVE-2026-0670 | Stored XSS through a system message and a user-provided parameter in ProofreadPage — MediaWiki - ProofreadPage Extension | 6.1 | - | 2026-01-07 |
| CVE-2026-21855 | Tarkov Data Manager has Unauthenticated Reflected XSS — tarkov-data-manager | 9.3 | Critical | 2026-01-07 |
| CVE-2026-0618 | Devolutions PowerShell Universal security vulnerability — PowerShell Universal | 5.4 | - | 2026-01-07 |
| CVE-2025-46494 | WordPress WidgetKit Pro plugin <= 1.13.1 - Reflected Cross Site Scripting (XSS) vulnerability — WidgetKit Pro | 7.1 | High | 2026-01-07 |
| CVE-2025-32300 | WordPress DZS Video Gallery plugin <= 12.25 - Reflected Cross Site Scripting (XSS) vulnerability — DZS Video Gallery | 7.1 | High | 2026-01-07 |
| CVE-2025-69082 | WordPress Arlo theme <= 6.0.3 - Cross Site Scripting (XSS) vulnerability — Arlo | 7.1 | High | 2026-01-07 |
| CVE-2025-14057 | Multi-column Tag Map <= 17.0.39 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mctm_css_conditional' Parameter — Multi-column Tag Map | 4.4 | Medium | 2026-01-07 |
| CVE-2025-14114 | 1180px Shortcodes <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute — 1180px Shortcodes | 6.4 | Medium | 2026-01-07 |
| CVE-2025-14122 | AD Sliding FAQ <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — AD Sliding FAQ | 6.4 | Medium | 2026-01-07 |
| CVE-2025-13974 | Email Customizer for WooCommerce \| Drag and Drop Email Templates Builder <= 2.6.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Email Template Content — Email Customizer for WooCommerce \| Drag and Drop Email Templates Builder | 4.4 | Medium | 2026-01-07 |
| CVE-2025-14147 | Easy GitHub Gist Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute — Easy GitHub Gist Shortcodes | 6.4 | Medium | 2026-01-07 |
| CVE-2025-14121 | EDD Download Info <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — EDD Download Info | 6.4 | Medium | 2026-01-07 |
| CVE-2025-13841 | Smart App Banners <= 1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'size' and 'verticalalign' Shortcode Attributes — Smart App Banners | 6.4 | Medium | 2026-01-07 |
| CVE-2025-14144 | Mstoic Shortcodes <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'start' Shortcode Attribute — Mstoic Shortcodes | 6.4 | Medium | 2026-01-07 |
| CVE-2025-14131 | WP Widget Changer <= 1.2.5 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — WP Widget Changer | 6.1 | Medium | 2026-01-07 |
| CVE-2025-14453 | My Album Gallery <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'style_css' Shortcode Attribute — My Album Gallery | 6.4 | Medium | 2026-01-07 |
| CVE-2025-14113 | Viitor Button Shortcodes <= 3.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'link' Shortcode Attribute — Viitor Button Shortcodes | 6.4 | Medium | 2026-01-07 |
| CVE-2025-14112 | Snillrik Restaurant <= 2.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'menu_style' Shortcode Attribute — Snillrik Restaurant Menu | 6.4 | Medium | 2026-01-07 |
| CVE-2025-14130 | Post Like Dislike <= 1.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Post Like Dislike | 6.1 | Medium | 2026-01-07 |
| CVE-2025-14626 | QR Code for WooCommerce order emails, PDF invoices, packing slips <= 1.9.42 - Authenticated (Contributor+) Cross-Site Scripting via Shortcode Attributes — QR Code for WooCommerce order emails, PDF invoices, packing slips | 6.4 | Medium | 2026-01-07 |
| CVE-2025-13418 | Responsive Pricing Table <= 5.1.12 - Authenticated (Author+) Stored Cross-Site Scripting — Responsive Pricing Table | 6.4 | Medium | 2026-01-07 |
| CVE-2025-14145 | Niche Hero \| Beautifully-designed blocks in seconds <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'spacing' Shortcode Attribute — Niche Hero \| Beautifully-designed blocks in seconds | 6.4 | Medium | 2026-01-07 |
| CVE-2025-13887 | AI BotKit <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — AI ChatBot for WordPress by AI BotKit – Live in 2 Minutes, No Code | 6.4 | Medium | 2026-01-07 |
| CVE-2025-13849 | Cool YT Player <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Cool YT Player | 6.4 | Medium | 2026-01-07 |
| CVE-2025-14110 | WP Js List Pages Shortcodes <= 1.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Attribute — WP Js List Pages Shortcodes | 6.4 | Medium | 2026-01-07 |
| CVE-2025-14028 | Contact Us Simple Form <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings — Contact Us Simple Form | 4.4 | Medium | 2026-01-07 |
| CVE-2025-14118 | Starred Review <= 1.4.2 - Reflected Cross-Site Scripting via PHP_SELF Variable — Starred Review | 6.1 | Medium | 2026-01-07 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21520 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.