CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-50053	WordPress Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App Plugin <= 0.8.8.8 - Cross Site Scripting (XSS) Vulnerability — Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App	7.1	High	2025-12-31
CVE-2025-47566	WordPress ZoomSounds plugin <= 6.91 - Reflected Cross Site Scripting (XSS) vulnerability — ZoomSounds	7.1	High	2025-12-31
CVE-2025-23757	WordPress ZD Scribd iPaper plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — ZD Scribd iPaper	7.1	High	2025-12-31
CVE-2025-23719	WordPress ZhinaTwitterWidget plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — ZhinaTwitterWidget	7.1	High	2025-12-31
CVE-2025-23707	WordPress En Masse plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — En Masse	7.1	High	2025-12-31
CVE-2025-23705	WordPress Zielke Design Project Gallery plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability — Zielke Design Project Gallery	7.1	High	2025-12-31
CVE-2025-23667	WordPress custom-post-edit plugin <= 1.0.4 - Reflected Cross Site Scripting (XSS) vulnerability — custom-post-edit	7.1	High	2025-12-31
CVE-2021-47743	COMMAX Biometric Access Control System 1.0.0 Reflected XSS via Cookie Parameters — COMMAX Biometric Access Control System	6.1	Medium	2025-12-31
CVE-2021-47725	STVS ProVision 5.9.10 Authenticated Reflected Cross-Site Scripting via Files Parameter — STVS ProVision	5.4	Medium	2025-12-31
CVE-2025-49355	WordPress Accessibility Press plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability — Accessibility Press	5.9	Medium	2025-12-31
CVE-2025-49337	WordPress Dashboard Beacon plugin <= 1.2.0 - Cross Site Scripting (XSS) vulnerability — Dashboard Beacon	5.9	Medium	2025-12-31
CVE-2025-59135	WordPress Behance Portfolio Manager plugin <= 1.7.5 - Cross Site Scripting (XSS) vulnerability — Behance Portfolio Manager	5.9	Medium	2025-12-31
CVE-2025-62989	WordPress Cooked plugin <= 1.11.3 - Cross Site Scripting (XSS) vulnerability — Cooked	5.9	Medium	2025-12-31
CVE-2025-23608	WordPress LIVE TV plugin <= 1.2 - Reflected Cross Site Scripting (XSS) vulnerability — LIVE TV	7.1	High	2025-12-31
CVE-2019-25262	elinicksic Razgover Chat Message send.php cross site scripting — Razgover	3.5	Low	2025-12-31
CVE-2025-63021	WordPress Valenti Engine plugin <= 1.0.3 - Cross Site Scripting (XSS) vulnerability — Valenti Engine	6.5	Medium	2025-12-31
CVE-2025-62119	WordPress Add Featured Image Custom Link plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability — Add Featured Image Custom Link	5.9	Medium	2025-12-31
CVE-2025-62121	WordPress Logo Slider , Logo Carousel , Logo showcase , Client Logo plugin <= 1.8.1 - Cross Site Scripting (XSS) vulnerability — Logo Slider , Logo Carousel , Logo showcase , Client Logo	5.9	Medium	2025-12-31
CVE-2025-62124	WordPress WP Post Signature plugin <= 0.4.1 - Cross Site Scripting (XSS) vulnerability — WP Post Signature	5.9	Medium	2025-12-31
CVE-2025-62750	WordPress WooCommerce Parcelas plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability — WooCommerce Parcelas	5.9	Medium	2025-12-31
CVE-2025-62140	WordPress Locatoraid Store Locator plugin <= 3.9.68 - Cross Site Scripting (XSS) vulnerability — Locatoraid Store Locator	5.9	Medium	2025-12-31
CVE-2025-62142	WordPress Post Video Players plugin <= 1.163 - Cross Site Scripting (XSS) vulnerability — Post Video Players	5.9	Medium	2025-12-31
CVE-2025-62149	WordPress Add Custom Codes plugin <= 4.80 - Cross Site Scripting (XSS) vulnerability — Add Custom Codes	5.9	Medium	2025-12-31
CVE-2025-62095	WordPress Bootstrap Modals plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability — Bootstrap Modals	6.5	Medium	2025-12-31
CVE-2025-62096	WordPress Maximum Products per User for WooCommerce plugin <= 4.4.3 - Cross Site Scripting (XSS) vulnerability — Maximum Products per User for WooCommerce	6.5	Medium	2025-12-31
CVE-2025-62097	WordPress SEO Slider plugin <= 1.1.1 - Cross Site Scripting (XSS) vulnerability — SEO Slider	6.5	Medium	2025-12-31
CVE-2025-63020	WordPress Postie plugin <= 1.9.73 - Cross Site Scripting (XSS) vulnerability — Postie	6.5	Medium	2025-12-31
CVE-2025-62111	WordPress Extra Shortcodes plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability — Extra Shortcodes	6.5	Medium	2025-12-31
CVE-2025-49357	WordPress Audiomack plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability — Audiomack	6.5	Medium	2025-12-31
CVE-2025-62742	WordPress Curator.io plugin <= 1.9.5 - Cross Site Scripting (XSS) vulnerability — Curator.io	6.5	Medium	2025-12-31

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535