CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-63082 | Joomla! Core - [20260101] - Inadequate content filtering for data URLs — Joomla! CMS | 6.1 | - | 2026-01-06 |
| CVE-2025-63083 | Joomla! Core - [20260102] - XSS vector in the pagebreak plugin — Joomla! CMS | 6.1 | - | 2026-01-06 |
| CVE-2025-14552 | MediaPress <= 1.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Plugin's Shortcode — MediaPress | 6.4 | Medium | 2026-01-06 |
| CVE-2025-12067 | Table Field Add-on for ACF and SCF <= 1.3.30 - Authenticated (Contributor+) Stored Cross-Site Scripting via Table Cell Content — Table Field Add-on for ACF and SCF | 6.4 | Medium | 2026-01-06 |
| CVE-2025-4776 | Phlox <= 2.17.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via `data-caption` HTML Attribute — Phlox | 6.4 | Medium | 2026-01-06 |
| CVE-2025-14120 | URL Image Importer <= 1.0.7 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload — URL Image Importer | 6.4 | Medium | 2026-01-06 |
| CVE-2025-13746 | ForumWP – Forum & Discussion Board <= 2.1.6 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Display Name — ForumWP – Forum & Discussion Board | 6.4 | Medium | 2026-01-06 |
| CVE-2025-66648 | `vega-functions` vulnerable to Cross-site Scripting via `setdata` function — vega | 7.2 | High | 2026-01-05 |
| CVE-2025-65110 | Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope — vega | 8.1 | High | 2026-01-05 |
| CVE-2025-39497 | WordPress Dokan Pro plugin <= 3.14.5 - Cross Site Scripting (XSS) vulnerability — Dokan Pro | 6.5 | Medium | 2026-01-05 |
| CVE-2024-53735 | WordPress iPhone Webclip Manager plugin <= 0.5 - CSRF to Stored XSS vulnerability — iPhone Webclip Manager | 7.1 | High | 2026-01-05 |
| CVE-2024-30461 | WordPress Tumult Hype Animations plugin <= 1.9.11 - CSRF to XSS vulnerability — Tumult Hype Animations | 7.1 | High | 2026-01-05 |
| CVE-2025-12511 | A user with elevated privileges can inject XSS in the DSM Administration’s Extensions configuration page — Infra Monitoring | 6.8 | Medium | 2026-01-05 |
| CVE-2025-12513 | A user with elevated privileges can inject XSS in the Hosts configuration parameters page — Infra Monitoring | 6.8 | Medium | 2026-01-05 |
| CVE-2024-23511 | WordPress The Plus Addons for Elementor plugin <= 5.3.3 - Cross Site Scripting (XSS) vulnerability — The Plus Addons for Elementor Page Builder Lite | 6.5 | Medium | 2026-01-05 |
| CVE-2023-51513 | WordPress Geo Controller plugin <= 8.5.2 - Cross Site Scripting (XSS) vulnerability — Geo Controller | 6.5 | Medium | 2026-01-05 |
| CVE-2023-49186 | WordPress Machic Core plugin <= 1.2.6 - Reflected Cross Site Scripting (XSS) vulnerability — Machic Core | 7.1 | High | 2026-01-05 |
| CVE-2026-0588 | Xinhu Rainrock RockOA API rockfun.php cross site scripting — Rainrock RockOA | 3.5 | Low | 2026-01-05 |
| CVE-2026-0587 | Xinhu Rainrock RockOA Cover Image rock_page_gong.php cross site scripting — Rainrock RockOA | 3.5 | Low | 2026-01-05 |
| CVE-2026-0586 | code-projects Online Product Reservation System prod.php cross site scripting — Online Product Reservation System | 4.3 | Medium | 2026-01-05 |
| CVE-2025-13056 | A user with elevated privileges can inject XSS in the Administration ACL Menus configuration page — Infra Monitoring | 6.8 | Medium | 2026-01-05 |
| CVE-2025-15022 | Cross-site scripting in Action caption — vaadin | 6.1 | - | 2026-01-05 |
| CVE-2026-0580 | SourceCodester API Key Manager App Import Key cross site scripting — API Key Manager App | 3.5 | Low | 2026-01-05 |
| CVE-2025-15454 | zhanglun lettura RSS ContentRender.tsx cross site scripting — lettura | 3.1 | Low | 2026-01-05 |
| CVE-2025-15452 | xnx3 wangmarket Backend Variable Search variableList.do variableList cross site scripting — wangmarket | 2.4 | Low | 2026-01-05 |
| CVE-2025-15451 | xnx3 wangmarket System Variables variableSave.do cross site scripting — wangmarket | 2.4 | Low | 2026-01-05 |
| CVE-2025-5591 | Stored Cross-site Scripting (XSS) in Kentico Xperience 13 — Kentico Xperience | 5.4 | - | 2026-01-05 |
| CVE-2025-66376 | Zimbra Collaboration cross-site scripting vulnerability — Collaboration | 7.2 | High | 2026-01-05 |
| CVE-2025-14830 | JFrog Artifactory Cross-Site Scripting — Artifactory (Workers) | 4.9 | Medium | 2026-01-04 |
| CVE-2026-21483 | listmonk Vulnerable to Stored XSS Leading to Admin Account Takeover — listmonk | 5.4 | - | 2026-01-02 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21520 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.