CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-21451 | Bagisto has HTML Filter Bypass that Enables Stored XSS — bagisto | 5.4 | - | 2026-01-02 |
| CVE-2026-21432 | Emlog has stored Cross-site Scripting issue that can lead to admin or another account ATO — emlog | 7.6 | - | 2026-01-02 |
| CVE-2026-21431 | Emlog vulnerable to stored Cross-site Scripting via image name — emlog | 5.4 | - | 2026-01-02 |
| CVE-2025-62857 | QuMagie — QuMagie | 6.1 | - | 2026-01-02 |
| CVE-2025-15437 | LigeroSmart Environment Variable cross site scripting — LigeroSmart | 3.5 | Low | 2026-01-02 |
| CVE-2025-15416 | xnx3 wangmarket Add Global Variable save.do cross site scripting — wangmarket | 2.4 | Low | 2026-01-01 |
| CVE-2025-67711 | Reflected XSS vulnerability in ArcGIS Server. — ArcGIS Server | 6.1 | Medium | 2025-12-31 |
| CVE-2025-67710 | Stored XSS vulnerability in ArcGIS Server — ArcGIS Server | 6.1 | Medium | 2025-12-31 |
| CVE-2025-67709 | There is a cross site scripting issue in ArcGIS Server. — ArcGIS Server | 6.1 | Medium | 2025-12-31 |
| CVE-2025-67708 | Reflected cross-site scripting (XSS) vulnerability in ArcGIS Server. — ArcGIS Server | 6.1 | Medium | 2025-12-31 |
| CVE-2025-67705 | Reflected XSS vulnerability in ArcGIS Server. — ArcGIS Server | 6.1 | Medium | 2025-12-31 |
| CVE-2025-67704 | Stored XSS vulnerability in ArcGIS Server. — ArcGIS Server | 6.1 | Medium | 2025-12-31 |
| CVE-2025-67703 | Stored XSS vulnerability in ArcGIS Server. — ArcGIS Server | 6.1 | Medium | 2025-12-31 |
| CVE-2025-53235 | WordPress Easy Social plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability — Easy Social | 7.1 | High | 2025-12-31 |
| CVE-2025-52739 | WordPress Sala theme <= 1.1.3 - Cross Site Scripting (XSS) vulnerability — Sala | 7.1 | High | 2025-12-31 |
| CVE-2025-50053 | WordPress Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App Plugin <= 0.8.8.8 - Cross Site Scripting (XSS) Vulnerability — Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App | 7.1 | High | 2025-12-31 |
| CVE-2025-47566 | WordPress ZoomSounds plugin <= 6.91 - Reflected Cross Site Scripting (XSS) vulnerability — ZoomSounds | 7.1 | High | 2025-12-31 |
| CVE-2025-23757 | WordPress ZD Scribd iPaper plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — ZD Scribd iPaper | 7.1 | High | 2025-12-31 |
| CVE-2025-23719 | WordPress ZhinaTwitterWidget plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — ZhinaTwitterWidget | 7.1 | High | 2025-12-31 |
| CVE-2025-23707 | WordPress En Masse plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — En Masse | 7.1 | High | 2025-12-31 |
| CVE-2025-23705 | WordPress Zielke Design Project Gallery plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability — Zielke Design Project Gallery | 7.1 | High | 2025-12-31 |
| CVE-2025-23667 | WordPress custom-post-edit plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability — custom-post-edit | 7.1 | High | 2025-12-31 |
| CVE-2021-47743 | COMMAX Biometric Access Control System 1.0.0 Reflected XSS via Cookie Parameters — COMMAX Biometric Access Control System | 6.1 | Medium | 2025-12-31 |
| CVE-2021-47725 | STVS ProVision 5.9.10 Authenticated Reflected Cross-Site Scripting via Files Parameter — STVS ProVision | 5.4 | Medium | 2025-12-31 |
| CVE-2025-49355 | WordPress Accessibility Press plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability — Accessibility Press | 5.9 | Medium | 2025-12-31 |
| CVE-2025-49337 | WordPress Dashboard Beacon plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability — Dashboard Beacon | 5.9 | Medium | 2025-12-31 |
| CVE-2025-59135 | WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability — Behance Portfolio Manager | 5.9 | Medium | 2025-12-31 |
| CVE-2025-62989 | WordPress Cooked plugin <= 1.11.3 - Cross Site Scripting (XSS) vulnerability — Cooked | 5.9 | Medium | 2025-12-31 |
| CVE-2025-23608 | WordPress LIVE TV plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability — LIVE TV | 7.1 | High | 2025-12-31 |
| CVE-2019-25262 | elinicksic Razgover Chat Message send.php cross site scripting — Razgover | 3.5 | Low | 2025-12-31 |

21520 CVEs are classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.