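CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21521

21521 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.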

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14385 | WP Recipe Maker <= 10.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — WP Recipe Maker | 6.4 | Medium | 2025-12-17 |
| CVE-2025-13861 | HTML Forms – Simple WordPress Forms Plugin <= 1.6.0 - Unauthenticated Stored Cross-Site Scripting — HTML Forms – Simple WordPress Forms Plugin | 6.1 | Medium | 2025-12-17 |
| CVE-2025-13977 | Essential Addons for Elementor – Popular Elementor Templates & Widgets <= 6.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Essential Addons for Elementor – Popular Elementor Templates & Widgets | 6.4 | Medium | 2025-12-17 |
| CVE-2025-14801 | xiweicheng TMS create createComment cross site scripting — TMS | 2.4 | Low | 2025-12-17 |
| CVE-2025-14701 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller — Crafty Controller | 7.1 | High | 2025-12-17 |
| CVE-2023-53900 | Spip 4.1.10 Admin Account Spoofing via Malicious SVG Upload — spip | 8.8 | High | 2025-12-16 |
| CVE-2023-53903 | WebsiteBaker 2.13.3 Stored Cross-Site Scripting via SVG File Upload — WebsiteBaker | 5.4 | Medium | 2025-12-16 |
| CVE-2023-53898 | Rukovoditel 3.4.1 Multiple Stored Cross-Site Scripting via Configuration — Rukovoditel | 5.4 | Medium | 2025-12-16 |
| CVE-2023-53897 | Rukovoditel 3.4.1 Multiple Stored Cross-Site Scripting via Comments — Rukovoditel | 5.4 | Medium | 2025-12-16 |
| CVE-2025-68116 | FileRise vulnerable to Cross-Site Scripting (XSS) in SVG File Handling — FileRise | 8.9 | High | 2025-12-16 |
| CVE-2025-59935 | GLPI Vulnerable to Unauthenticated Stored XSS on the Inventory page — glpi | 6.5 | Medium | 2025-12-16 |
| CVE-2025-68268 | JetBrains TeamCity Cross-Site Scripting Vulnerability — TeamCity | 5.4 | Medium | 2025-12-16 |
| CVE-2025-68166 | JetBrains TeamCity Cross-Site Scripting Vulnerability — TeamCity | 5.4 | Medium | 2025-12-16 |
| CVE-2025-68165 | JetBrains TeamCity Cross-Site Scripting Vulnerability — TeamCity | 5.4 | Medium | 2025-12-16 |
| CVE-2025-68163 | JetBrains TeamCity Cross-Site Scripting Vulnerability — TeamCity | 3.5 | Low | 2025-12-16 |
| CVE-2025-11220 | Elementor <= 3.33.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Text Path — Elementor Website Builder – more than just a page builder | 6.4 | Medium | 2025-12-16 |
| CVE-2025-68078 | WordPress Salient Portfolio theme <= 1.8.2 - Cross Site Scripting (XSS) vulnerability — Salient Portfolio | 6.5 | Medium | 2025-12-16 |
| CVE-2025-68080 | WordPress User Avatar - Reloaded plugin <= 1.2.2 - Cross Site Scripting (XSS) vulnerability — User Avatar - Reloaded | 6.5 | Medium | 2025-12-16 |
| CVE-2025-68079 | WordPress Salient Shortcodes plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability — Salient Shortcodes | 6.5 | Medium | 2025-12-16 |
| CVE-2025-68076 | WordPress Stockholm Core plugin <= 2.4.6 - Cross Site Scripting (XSS) vulnerability — Stockholm Core | 6.5 | Medium | 2025-12-16 |
| CVE-2025-68070 | WordPress VK Google Job Posting Manager plugin <= 1.2.22 - Cross Site Scripting (XSS) vulnerability — VK Google Job Posting Manager | 6.5 | Medium | 2025-12-16 |
| CVE-2025-68077 | WordPress Stockholm theme <= 9.14.1 - Cross Site Scripting (XSS) vulnerability — Stockholm | 6.5 | Medium | 2025-12-16 |
| CVE-2025-67983 | WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 8.3 - Cross Site Scripting (XSS) vulnerability — WP Visitor Statistics (Real Time Traffic) | 6.5 | Medium | 2025-12-16 |
| CVE-2025-67986 | WordPress Document Library Lite plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability — Document Library Lite | 5.9 | Medium | 2025-12-16 |
| CVE-2025-67951 | WordPress WPZOOM Addons for Elementor plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability — WPZOOM Addons for Elementor | 6.5 | Medium | 2025-12-16 |
| CVE-2025-67912 | WordPress Stars Testimonials plugin <= 3.3.4 - Cross Site Scripting (XSS) vulnerability — Stars Testimonials | 6.5 | Medium | 2025-12-16 |
| CVE-2025-68115 | Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables — parse-server | 6.1 (AI) | Medium (AI) | 2025-12-16 |
| CVE-2025-64338 | ClipBucket's Manage Photos Feature is Vulnerable to Stored XSS via Collection Name — clipbucket-v5 | - | - | 2025-12-15 |
| CVE-2025-14722 | vion707 DMadmin Backend AddonsController.class.php add cross site scripting — DMadmin | 2.4 | Low | 2025-12-15 |
| CVE-2023-53891 | Blackcat CMS 1.4 Stored Cross-Site Scripting via Page Modification — Blackcat CMS | 5.4 (AI) | Medium (AI) | 2025-12-15 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21521 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.