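CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21520

21520 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.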

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-12581 | Attachments Handler <= 1.1.7 - Reflected Cross-Site Scripting — Attachments Handler | 6.1 | Medium | 2025-12-20 |
| CVE-2025-13624 | Overstock Affiliate Links <= 1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Overstock Affiliate Links | 6.1 | Medium | 2025-12-20 |
| CVE-2025-14721 | Responsive and Swipe slider <= 1.0.2 - Authenticated (Editor+) Stored Cross-Site Scripting via Shortcode — RESPONSIVE AND SWIPE SLIDER! | 5.5 | Medium | 2025-12-20 |
| CVE-2023-53953 | WebsiteBaker 2.13.3 Stored Cross-Site Scripting via Page Creation — WebsiteBaker | 5.4 | Medium | 2025-12-19 |
| CVE-2025-67712 | HTML injection issue in ArcGIS Web App Builder — ArcGIS Web AppBuilder (Developer Edition) | 4.7 | Medium | 2025-12-19 |
| CVE-2025-14962 | code-projects Simple Stock System chatuser.php cross site scripting — Simple Stock System | 4.3 | Medium | 2025-12-19 |
| CVE-2025-68457 | Orejime has executable code in HTML attributes — orejime | 8.8 (AI) | High (AI) | 2025-12-19 |
| CVE-2025-14151 | SlimStat Analytics <= 5.3.2 - Unauthenticated Stored Cross-Site Scripting — SlimStat Analytics | 7.2 | High | 2025-12-19 |
| CVE-2025-11747 | Colibri Page Builder <= 1.0.345 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Colibri Page Builder | 6.4 | Medium | 2025-12-19 |
| CVE-2025-66522 | Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Digital IDs Common Name Field — pdfonline.foxit.com | 6.3 | Medium | 2025-12-19 |
| CVE-2025-66521 | Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Trusted Certificates Feature — pdfonline.foxit.com | 6.3 | Medium | 2025-12-19 |
| CVE-2025-66520 | Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Portfolio SVG Handling — pdfonline.foxit.com | 6.3 | Medium | 2025-12-19 |
| CVE-2025-66519 | Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Layer Import Functionality — pdfonline.foxit.com | 6.3 | Medium | 2025-12-19 |
| CVE-2025-66502 | Foxit pdfonline.foxit.com Stored Cross-Site Scripting in Page Templates Feature — pdfonline.foxit.com | 6.3 | Medium | 2025-12-19 |
| CVE-2025-66501 | Foxit pdfonline.foxit.com Stored Cross-Site Scripting in eSign Predefined Text Feature — pdfonline.foxit.com | 6.3 | Medium | 2025-12-19 |
| CVE-2025-66500 | Foxit webplugins.foxit.com Stored Cross-Site Scripting via postMessage Vulnerability — webplugins.foxit.com | 6.3 | Medium | 2025-12-19 |
| CVE-2025-14449 | BA Book Everything <= 1.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via babe-search-form Shortcode — BA Book Everything | 6.4 | Medium | 2025-12-19 |
| CVE-2025-64675 | Azure Cosmos DB Spoofing Vulnerability — Azure Cosmos DB | 8.3 | High | 2025-12-18 |
| CVE-2025-68387 | Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — Kibana | 6.1 | Medium | 2025-12-18 |
| CVE-2025-68385 | Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — Kibana | 7.2 | High | 2025-12-18 |
| CVE-2025-64677 | Office Out-of-Box Experience Spoofing Vulnerability — Office Out-of-Box Experience | 8.2 | High | 2025-12-18 |
| CVE-2024-58323 | Kentico Xperience <= 13.0.158 Checkbox Form Component Stored XSS — Xperience | 5.4 | Medium | 2025-12-18 |
| CVE-2024-58321 | Kentico Xperience <= 13.0.159 Form Validation Stored XSS — Xperience | 5.4 | Medium | 2025-12-18 |
| CVE-2024-58322 | Kentico Xperience <= 13.0.158 Shipping Options Stored XSS — Xperience | 5.4 | Medium | 2025-12-18 |
| CVE-2024-58318 | Kentico Xperience <= 13.0.162 Rich Text Editor Stored XSS — Xperience | 6.1 | Medium | 2025-12-18 |
| CVE-2024-58319 | Kentico Xperience <= 13.0.160 Pages Dashboard Widget Reflected XSS — Xperience | 6.1 | Medium | 2025-12-18 |
| CVE-2023-53939 | TinyWebGallery v2.5 Stored Cross-Site Scripting via Folder Name Parameter — TinyWebGallery | 5.4 | Medium | 2025-12-18 |
| CVE-2023-53938 | RockMongo 1.1.7 Stored Cross-Site Scripting Vulnerability via Multiple Parameters — RockMongo | 5.4 | Medium | 2025-12-18 |
| CVE-2023-53936 | Cameleon CMS 2.7.4 Authenticated Persistent Cross-Site Scripting via Post Creation — Cameleon CMS | 4.8 | Medium | 2025-12-18 |
| CVE-2023-53737 | Kentico Xperience <= 13.0.101 Localization Application Stored XSS — Xperience | 4.8 | Medium | 2025-12-18 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21520 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.