CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-47737 | CSZ CMS 1.2.7 HTML Injection Vulnerability via Member Dashboard — CSZ CMS | 5.4 | Medium | 2025-12-23 |
| CVE-2021-47733 | CMSimple 5.4 Cross-Site Scripting via HTML Unicode Encoding — CMSimple | 6.1 | Medium | 2025-12-23 |
| CVE-2021-47716 | Orangescrum 1.8.0 Cross-Site Scripting via Authenticated Endpoints — orangescrum | 5.4 | Medium | 2025-12-23 |
| CVE-2021-47738 | CSZ CMS 1.2.7 Persistent Cross-Site Scripting via Private Messaging — CSZ CMS | 5.4 | Medium | 2025-12-23 |
| CVE-2021-47732 | CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input — CMSimple | 6.1 | Medium | 2025-12-23 |
| CVE-2025-13183 | Stored XSS in Hotech's Otello — Otello | 7.3 | High | 2025-12-23 |
| CVE-2025-68548 | WordPress Responsive Posts Carousel Pro plugin <= 15.2 - Cross Site Scripting (XSS) vulnerability — Responsive Posts Carousel Pro | 6.5 | Medium | 2025-12-23 |
| CVE-2025-68559 | WordPress TheGem Theme Elements (for Elementor) plugin <= 5.10.5.1 - Cross Site Scripting (XSS) vulnerability — TheGem Theme Elements (for Elementor) | 6.5 | Medium | 2025-12-23 |
| CVE-2025-14635 | Happy Addons for Elementor <= 3.20.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom JS — Happy Addons for Elementor | 6.4 | Medium | 2025-12-23 |
| CVE-2025-14000 | Membership Plugin – Restrict Content <= 3.2.15 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes — Membership Plugin – Restrict Content | 6.4 | Medium | 2025-12-23 |
| CVE-2025-14548 | Calendar <= 1.3.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'event_desc' — Calendar | 6.4 | Medium | 2025-12-23 |
| CVE-2025-68614 | LibreNMS Alert Rule API Cross-Site Scripting Vulnerability — librenms | 4.3 | Medium | 2025-12-22 |
| CVE-2023-53978 | myBB Forums 1.8.26 Stored Cross-Site Scripting via Forum Announcements — myBB forums | 5.4 | Medium | 2025-12-22 |
| CVE-2023-53976 | myBB Forums 1.8.26 Stored Cross-Site Scripting via Template Management — myBB forums | 5.4 | Medium | 2025-12-22 |
| CVE-2023-53977 | myBB Forums 1.8.26 Stored Cross-Site Scripting via Forum Management — myBB forums | 5.4 | Medium | 2025-12-22 |
| CVE-2025-54890 | A user with elevated privileges can inject XSS in the Hostgroups configuration page — Infra Monitoring | 6.8 | Medium | 2025-12-22 |
| CVE-2025-8460 | A user with elevated privileges can inject XSS in the Notification rules configuration page — Infra Monitoring | 6.8 | Medium | 2025-12-22 |
| CVE-2025-62094 | WordPress Void Elementor WHMCS Elements For Elementor Page Builder plugin <= 2.0.1.2 - Cross Site Scripting (XSS) vulnerability — Void Elementor WHMCS Elements For Elementor Page Builder | 6.5 | Medium | 2025-12-22 |
| CVE-2025-62901 | WordPress WP Microdata plugin <= 1.0 - Cross Site Scripting (XSS) vulnerability — WP Microdata | 6.5 | Medium | 2025-12-21 |
| CVE-2025-62926 | WordPress TempTool [Show Current Template Info] plugin <= 1.3.1 - Cross Site Scripting (XSS) vulnerability — TempTool [Show Current Template Info] | 6.5 | Medium | 2025-12-21 |
| CVE-2025-14855 | SureForms <= 2.2.0 - Unauthenticated Stored Cross-Site Scripting — SureForms – Contact Form, Payment Form & Other Custom Form Builder | 7.2 | High | 2025-12-21 |
| CVE-2025-14991 | Campcodes Complete Online Beauty Parlor Management System bwdates-reports-details.php cross site scripting — Complete Online Beauty Parlor Management System | 2.4 | Low | 2025-12-21 |
| CVE-2025-13220 | Ultimate Member <= 2.11.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | 6.4 | Medium | 2025-12-21 |
| CVE-2025-12398 | Product Table for WooCommerce <= 5.0.8 - Reflected Cross-Site Scripting — Product Table for WooCommerce | 6.1 | Medium | 2025-12-21 |
| CVE-2025-13693 | Image Photo Gallery Final Tiles Grid <= 3.6.8 - Authenticated (Author+) Stored Cross-Site Scripting via 'Custom Scripts' Setting — Image Photo Gallery Final Tiles Grid | 6.4 | Medium | 2025-12-21 |
| CVE-2025-9343 | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting — ELEX WordPress HelpDesk & Customer Ticketing System | 7.2 | High | 2025-12-21 |
| CVE-2025-14054 | WC Builder <= 1.2.0 - Authenticated (Shop Manager+) Stored Cross-Site Scripting via 'heading_color' Shortcode Attribute — WC Builder – WooCommerce Page Builder for WPBakery | 4.4 | Medium | 2025-12-21 |
| CVE-2025-13838 | WishSuite <= 1.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'button_text' Shortcode Attribute — WishSuite – Wishlist for WooCommerce | 6.4 | Medium | 2025-12-21 |
| CVE-2025-11496 | Five Star Restaurant Reservations – WordPress Booking Plugin <= 2.7.5 - Unauthenticated Stored Cross-Site Scripting — Five Star Restaurant Reservations – WordPress Booking Plugin | 6.1 | Medium | 2025-12-21 |
| CVE-2025-14298 | FiboSearch – Ajax Search for WooCommerce <= 1.32.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via thegem_te_search Shortcode — FiboSearch – Ajax Search for WooCommerce | 5.4 | Medium | 2025-12-20 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21520 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.