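CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21521

21521 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.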

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-57897 | WordPress Logtik theme <= 2.3 - Cross Site Scripting (XSS) vulnerability — Logtik | 7.1 | High | 2025-12-18 |
| CVE-2025-12976 | Events Manager <= 7.2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events_list_grouped' Shortcode — Events Manager – Calendar, Bookings, Tickets, and more! | 6.4 | Medium | 2025-12-18 |
| CVE-2025-68461 | Roundcube Webmail Cross-Site Scripting Vulnerability — Webmail | 7.2 | High | 2025-12-18 |
| CVE-2025-12885 | Embed Any Document <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting — Embed Any Document – Embed PDF, Word, PowerPoint and Excel Files | 6.4 | Medium | 2025-12-18 |
| CVE-2025-14202 | Cross-Site Request Forgery (CSRF) Leading to Account Takeover via SVG File Upload — LinkDing | 8.8 (AI) | High (AI) | 2025-12-17 |
| CVE-2023-53931 | Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings — revive-adserver | 6.1 | Medium | 2025-12-17 |
| CVE-2023-53932 | Serendipity 2.4.0 Stored Cross-Site Scripting via Admin Entry Creation — Serendipity | 5.4 | Medium | 2025-12-17 |
| CVE-2023-53928 | PHPFusion 9.10.30 Stored Cross-Site Scripting via File Manager Upload — PHPFusion | 5.4 | Medium | 2025-12-17 |
| CVE-2023-53927 | PHPJabbers Simple CMS 5.0 Stored Cross-Site Scripting via Section Creation — Simple CMS | 5.4 | Medium | 2025-12-17 |
| CVE-2023-53925 | UliCMS 2023.1 Stored Cross-Site Scripting via SVG File Upload — Ulicms | 6.1 | Medium | 2025-12-17 |
| CVE-2023-53920 | PodcastGenerator Stored Cross-Site Scripting via Podcast Title Field — PodcastGenerator | 5.4 | Medium | 2025-12-17 |
| CVE-2023-53919 | PodcastGenerator Stored Cross-Site Scripting via Freebox Content Field — PodcastGenerator | 5.4 | Medium | 2025-12-17 |
| CVE-2023-53918 | PodcastGenerator Stored Cross-Site Scripting via Episode Title Field — PodcastGenerator | 6.1 | Medium | 2025-12-17 |
| CVE-2023-53916 | Zenphoto 1.6 Stored Cross-Site Scripting via User Postal Code Field — Zenphoto | 4.6 | Medium | 2025-12-17 |
| CVE-2023-53915 | Zenphoto 1.6 Stored Cross-Site Scripting via Album Description — Zenphoto | 4.6 | Medium | 2025-12-17 |
| CVE-2023-53911 | Textpattern CMS 4.8.8 Authenticated Stored Cross-Site Scripting via Article Excerpt — Textpattern CMS | 5.4 | Medium | 2025-12-17 |
| CVE-2023-53909 | WBCE CMS 1.6.1 SVG File Content Cross-Site Scripting — WBCE CMS | 5.4 | Medium | 2025-12-17 |
| CVE-2023-53910 | WBCE CMS 1.6.1 Stored Cross-Site Scripting via Page Content — WBCE CMS | 5.4 | Medium | 2025-12-17 |
| CVE-2023-53906 | ProjectSend r1605 Stored Cross-Site Scripting via Custom Assets Page — projectSend | 4.8 | Medium | 2025-12-17 |
| CVE-2023-53904 | Xenforo 2.2.13 Authenticated Stored Cross-Site Scripting via Smilie Categories — Xenforo | 4.6 | Medium | 2025-12-17 |
| CVE-2025-68147 | opensourcepos has a Cross-site Scripting vulnerability — opensourcepos | 8.1 | High | 2025-12-17 |
| CVE-2025-68275 | ChurchCRM vulnerable to Stored XSS - Group name > Person Listing — CRM | 5.4 (AI) | Medium (AI) | 2025-12-17 |
| CVE-2025-68401 | ChurchCRM has Stored Cross-Site Scripting (XSS) vulnerability that leads to session theft and account takeover — CRM | 7.6 (AI) | High (AI) | 2025-12-17 |
| CVE-2025-68399 | ChurchCRM has Stored Cross-Site Scripting (XSS) In GroupEditor.php — CRM | 5.4 (AI) | Medium (AI) | 2025-12-17 |
| CVE-2025-67876 | ChurchCRM has Stored XSS in Group Role Name Leading to Admin Session Hijacking — CRM | 5.4 (AI) | Medium (AI) | 2025-12-17 |
| CVE-2025-67875 | ChurchCRM has stored XSS via Person Property Assignment Leading to Admin Session Hijacking — CRM | 7.6 (AI) | High (AI) | 2025-12-17 |
| CVE-2025-13537 | Live Composer – Free WordPress Website Builder <= 2.0.2 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — Live Composer – Free WordPress Website Builder | 6.4 | Medium | 2025-12-17 |
| CVE-2025-13217 | Ultimate Member <= 2.11.0 - Authenticated (Subscriber+) Stored Cross-Site Scripting via 'value' — Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin | 6.4 | Medium | 2025-12-17 |
| CVE-2025-14347 | Reflected XSS in Proliz's OBS — OBS (Student Affairs Information System)0 | 6.3 | Medium | 2025-12-17 |
| CVE-2025-14154 | Better Messages – Live Chat for WordPress, BuddyPress, PeepSo, Ultimate Member, BuddyBoss <= 2.10.2 - Unauthenticated Stored Cross-Site Scripting — Better Messages – Live Chat, Chat Rooms, Real-Time Messaging & Private Messages | 6.1 | Medium | 2025-12-17 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21521 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.