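CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21521

21521 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.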

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-53890 | Perch CMS 3.2 Stored Cross-Site Scripting via SVG File Upload — Perch | 5.4 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2023-53887 | Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation — Zomplog | 5.4 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2023-53884 | Webedition CMS v2.9.8.8 Stored Cross-Site Scripting via SVG Upload — Webedition CMS | 5.4 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2023-53882 | JLex GuestBook 1.6.4 Reflected Cross-Site Scripting via URL Parameter — JLex GuestBook | 6.1 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2023-53880 | Lucee 5.4.2.17 Authenticated Reflected Cross-Site Scripting via Admin Interfaces — Lucee | 5.4 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2023-53870 | Jorani 1.0.3 Cross-Site Scripting Vulnerability via Language Parameter — Jorani | 6.1 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2025-14387 | LearnPress – WordPress LMS Plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 6.4 | Medium | 2025-12-15 |
| CVE-2025-13728 | FluentAuth - Auth Security Plugin <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluent_auth_reset_password' Shortcode — FluentAuth – The Ultimate Authorization & Security Plugin for WordPress | 6.4 | Medium | 2025-12-15 |
| CVE-2025-13610 | RegistrationMagic <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | 6.4 | Medium | 2025-12-15 |
| CVE-2025-13367 | User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 6.4 | Medium | 2025-12-15 |
| CVE-2025-13608 | CC Child Pages <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'child_pages' Shortcode — CC Child Pages | 6.4 | Medium | 2025-12-15 |
| CVE-2025-37732 | Kibana Cross-site Scripting via the Integration Package Upload Functionality — Kibana | 5.4 | Medium | 2025-12-15 |
| CVE-2025-67906 | MISP security vulnerability — MISP | 5.4 | Medium | 2025-12-15 |
| CVE-2025-13740 | Lightweight Accordion <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting — Lightweight Accordion | 6.4 | Medium | 2025-12-15 |
| CVE-2025-14691 | Mayan EDMS authentication cross site scripting — EDMS | 4.3 | Medium | 2025-12-14 |
| CVE-2025-14663 | code-projects Student File Management System update_student.php cross site scripting — Student File Management System | 2.4 | Low | 2025-12-14 |
| CVE-2025-14662 | code-projects Student File Management System Update User update_user.php cross site scripting — Student File Management System | 2.4 | Low | 2025-12-14 |
| CVE-2025-12537 | Addon Elements for Elementor <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Addon Elements for Elementor (formerly Elementor Addon Elements) | 6.4 | Medium | 2025-12-14 |
| CVE-2025-8780 | Livemesh SiteOrigin Widgets <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets — Livemesh SiteOrigin Widgets | 6.4 | Medium | 2025-12-13 |
| CVE-2025-8687 | Enter Addons <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets — Enter Addons – Ultimate Template Builder for Elementor | 6.4 | Medium | 2025-12-13 |
| CVE-2025-8199 | MarqueeAddons <= 2.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Marquee Widget — Marquee Addons for Elementor – Essential Motion Widgets & Templates | 6.4 | Medium | 2025-12-13 |
| CVE-2025-9856 | Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Popup Builder – Create highly converting, mobile friendly marketing popups. | 6.4 | Medium | 2025-12-13 |
| CVE-2025-8195 | JetWidgets For Elementor <= 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Comparison and Subscribe Widgets — JetWidgets For Elementor | 6.4 | Medium | 2025-12-13 |
| CVE-2025-7960 | King Addons for Elementor <= 51.1.39 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets — King Addons for Elementor – 80+ Elementor Widgets, 4 000+ Elementor Templates, WooCommerce, Mega Menu, Popup Builder | 6.4 | Medium | 2025-12-13 |
| CVE-2025-36748 | Stored Cross-Site Scripting (XSS) vulnerability in Growatt ShineLan-X — ShineLan-X | 5.4 (AI) | Medium (AI) | 2025-12-13 |
| CVE-2025-36750 | Stored cross site scripting (XSS) vulnerability in Growatt ShineLan-X — ShineLan-X | 4.8 (AI) | Medium (AI) | 2025-12-13 |
| CVE-2025-8779 | All-in-One Addons for Elementor – WidgetKit <= 2.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team and Countdown Widgets — All-in-One Addons for Elementor – WidgetKit | 6.4 | Medium | 2025-12-13 |
| CVE-2025-12109 | Header Footer Script Adder – Insert Code in Header, Body & Footer <= 2.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — Header Footer Script Adder – Insert Code in Header, Body & Footer | 6.4 | Medium | 2025-12-13 |
| CVE-2025-9488 | Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter — Redux Framework | 6.4 | Medium | 2025-12-13 |
| CVE-2025-12077 | WP to LinkedIn Auto Publish <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage — WP to LinkedIn Auto Publish | 6.1 | Medium | 2025-12-13 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21521 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.