
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21521

21521 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-53737 | Kentico Xperience <= 13.0.101 Localization Application Stored XSS — Xperience | 4.8 | Medium | 2025-12-18 |
| CVE-2023-53738 | Kentico Xperience <= 13.0.109 Page Preview Reflected XSS — Xperience | 5.4 | Medium | 2025-12-18 |
| CVE-2023-53736 | Kentico Xperience <= 13.0.120 Administration Interface Reflected XSS — Xperience | 5.4 | Medium | 2025-12-18 |
| CVE-2022-50685 | Kentico Xperience <= 13.0.56 File Upload Stored XSS — Xperience | 5.4 | Medium | 2025-12-18 |
| CVE-2022-50684 | Kentico Xperience <= 13.0.71 Form Emails HTML Injection — Xperience | 6.1 | Medium | 2025-12-18 |
| CVE-2022-50683 | Kentico Xperience <= 13.0.74 Form Configuration Stored XSS — Xperience | 5.4 | Medium | 2025-12-18 |
| CVE-2022-50681 | Kentico Xperience <= 13.0.88 Rich Text Editor Reflected XSS — Xperience | 6.1 | Medium | 2025-12-18 |
| CVE-2022-50680 | Kentico Xperience <= 13.0.92 Email Marketing Stored XSS — Xperience | 4.8 | Medium | 2025-12-18 |
| CVE-2020-36891 | Kentico Xperience <= 12.0.49 File Upload Stored XSS — Xperience | 5.4 | Medium | 2025-12-18 |
| CVE-2020-36889 | Kentico Xperience <= 12.0.90 Administration Interface Stored XSS — Xperience | 5.4 | Medium | 2025-12-18 |
| CVE-2025-64355 | WordPress JetElements For Elementor plugin <= 2.7.12 - Cross Site Scripting (XSS) vulnerability — JetElements For Elementor | 6.5 | Medium | 2025-12-18 |
| CVE-2025-9787 | Stored XSS — ManageEngine Applications Manager | 6.1 | Medium | 2025-12-18 |
| CVE-2025-40893 | HTML injection in Asset List in Guardian/CMC before 25.5.0 — Guardian | 6.1 | Medium | 2025-12-18 |
| CVE-2025-40892 | Stored Cross-Site Scripting (XSS) in Reports in Guardian/CMC before 25.5.0 — Guardian | 8.9 | High | 2025-12-18 |
| CVE-2025-40891 | HTML injection in in Time Machine functionality in Guardian/CMC before 25.5.0 — Guardian | 4.7 | Medium | 2025-12-18 |
| CVE-2025-13730 | OpenID Connect Generic Client <= 3.10.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — OpenID Connect Generic Client | 6.4 | Medium | 2025-12-18 |
| CVE-2025-66119 | WordPress Hostel plugin <= 1.1.5.9 - Cross Site Scripting (XSS) vulnerability — Hostel | 7.1 | High | 2025-12-18 |
| CVE-2025-66118 | WordPress Sprout Clients plugin <= 3.2.1 - Cross Site Scripting (XSS) vulnerability — Sprout Clients | 7.1 | High | 2025-12-18 |
| CVE-2025-66102 | WordPress FV Antispam plugin <= 2.7 - Cross Site Scripting (XSS) vulnerability — FV Antispam | 7.1 | High | 2025-12-18 |
| CVE-2025-64376 | WordPress ListingPro theme < 2.9.10 - Cross Site Scripting (XSS) vulnerability — ListingPro | 7.1 | High | 2025-12-18 |
| CVE-2025-64372 | WordPress Traveler theme < 3.2.6 - Cross Site Scripting (XSS) vulnerability — Traveler | 7.1 | High | 2025-12-18 |
| CVE-2025-64260 | WordPress ANAC XML Bandi di Gara plugin <= 7.7 - Cross Site Scripting (XSS) vulnerability — ANAC XML Bandi di Gara | 7.1 | High | 2025-12-18 |
| CVE-2025-64221 | WordPress Reservation Plugin plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability — Reservation Plugin | 7.1 | High | 2025-12-18 |
| CVE-2025-64217 | WordPress Photography theme <= 7.7.2 - Cross Site Scripting (XSS) vulnerability — Photography | 7.1 | High | 2025-12-18 |
| CVE-2025-64207 | WordPress Jannah theme <= 7.6.0 - Cross Site Scripting (XSS) vulnerability — Jannah | 7.1 | High | 2025-12-18 |
| CVE-2025-64203 | WordPress Mailster plugin < 4.1.14 - Cross Site Scripting (XSS) vulnerability — Mailster | 7.1 | High | 2025-12-18 |
| CVE-2025-6324 | WordPress Easy Invoice plugin <= 2.0.9 - Cross Site Scripting (XSS) vulnerability — Easy Invoice | 7.1 | High | 2025-12-18 |
| CVE-2025-64191 | WordPress XStore theme < 9.6.1 - Cross Site Scripting (XSS) vulnerability — XStore | 7.1 | High | 2025-12-18 |
| CVE-2025-64189 | WordPress XStore Core plugin < 5.6 - Cross Site Scripting (XSS) vulnerability — XStore Core | 7.1 | High | 2025-12-18 |
| CVE-2025-60182 | WordPress Support Board plugin < 3.8.7 - Cross Site Scripting (XSS) vulnerability — Support Board | 7.1 | High | 2025-12-18 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21521 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.