Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21535

21535 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-23458 WordPress Ads24 Lite plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Ads24 Lite 7.1 High2025-12-29
CVE-2025-68499 WordPress JetTabs plugin <= 2.2.12 - Cross Site Scripting (XSS) vulnerability — JetTabs 6.5 Medium2025-12-29
CVE-2025-68504 WordPress JetSearch plugin <= 3.5.16 - Cross Site Scripting (XSS) vulnerability — JetSearch 6.5 Medium2025-12-29
CVE-2025-68607 WordPress Custom Field Template plugin <= 2.7.7 - Cross Site Scripting (XSS) vulnerability — Custom Field Template 6.5 Medium2025-12-29
CVE-2025-15204 SohuTV CacheCloud QuartzManageController.java doQuartzList cross site scripting — CacheCloud 2.4 Low2025-12-29
CVE-2025-15203 SohuTV CacheCloud ResourceController.java index cross site scripting — CacheCloud 2.4 Low2025-12-29
CVE-2025-15202 SohuTV CacheCloud TaskController.java taskQueueList cross site scripting — CacheCloud 2.4 Low2025-12-29
CVE-2025-15201 SohuTV CacheCloud WebResourceController.java redirectNoPower cross site scripting — CacheCloud 3.5 Low2025-12-29
CVE-2025-15200 SohuTV CacheCloud AppClientDataShowController.java doIndex cross site scripting — CacheCloud 2.4 Low2025-12-29
CVE-2025-55064 Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') — Web 4.8 Medium2025-12-29
CVE-2025-55063 Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') — Web 4.8 Medium2025-12-29
CVE-2025-55062 Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') — Web 4.8 Medium2025-12-29
CVE-2025-68868 WordPress Wp Text Slider Widget plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability — Wp Text Slider Widget 6.5 Medium2025-12-29
CVE-2025-68876 WordPress Invelity SPS connect plugin <= 1.0.8 - Reflected Cross Site Scripting (XSS) vulnerability — Invelity SPS connect 7.1 High2025-12-29
CVE-2025-68878 WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability — Advanced Custom CSS 7.1 High2025-12-29
CVE-2025-68879 WordPress Content Grid Slider plugin <= 1.5 - Reflected Cross Site Scripting (XSS) vulnerability — Content Grid Slider 7.1 High2025-12-29
CVE-2025-68951 phpMyFAQ has stored XSS in admin "List of users" via display_name HTML entity decoding (html_entity_decode) + Twig |raw — phpMyFAQ 5.4 Medium2025-12-29
CVE-2025-68928 Frappe CRM vulnerable to authenticated XSS via website field — crm 5.4 Medium2025-12-29
CVE-2025-15188 Campcodes Complete Online Beauty Parlor Management System search-invoices.php cross site scripting — Complete Online Beauty Parlor Management System 2.4 Low2025-12-29
CVE-2025-15175 SohuTV CacheCloud AppController.java appCommandAnalysis cross site scripting — CacheCloud 3.5 Low2025-12-29
CVE-2025-15174 SohuTV CacheCloud AppManageController.java doAppAuditList cross site scripting — CacheCloud 3.5 Low2025-12-29
CVE-2025-15173 SohuTV CacheCloud InstanceController.java advancedAnalysis cross site scripting — CacheCloud 3.5 Low2025-12-29
CVE-2025-15172 SohuTV CacheCloud RedisConfigTemplateController.java preview cross site scripting — CacheCloud 3.5 Low2025-12-29
CVE-2025-15171 SohuTV CacheCloud ServerController.java index cross site scripting — CacheCloud 3.5 Low2025-12-29
CVE-2025-15170 Advaya Softech GEMS ERP Portal Error Message home.jsp cross site scripting — GEMS ERP Portal 4.3 Medium2025-12-29
CVE-2025-15149 rawchen ecms Add New Product updateProductServlet.java updateProductServlet cross site scripting — ecms 2.4 Low2025-12-28
CVE-2025-15146 SohuTV CacheCloud UserManageController.java doUserList cross site scripting — CacheCloud 2.4 Low2025-12-28
CVE-2025-15145 SohuTV CacheCloud TotalManageController.java doTotalList cross site scripting — CacheCloud 2.4 Low2025-12-28
CVE-2025-15144 dayrui XunRuiCMS JSONP Callback Init.php dr_exit_msg cross site scripting — XunRuiCMS 4.3 Medium2025-12-28
CVE-2025-15134 yourmaileyes MOOC Submission MainController.java subreview cross site scripting — MOOC 3.5 Low2025-12-28

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21535 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.