CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21523

21523 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-9488 | Redux Framework <= 4.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via data Parameter — Redux Framework | 6.4 | Medium | 2025-12-13 |
| CVE-2025-12077 | WP to LinkedIn Auto Publish <= 1.9.8 - Reflected Cross-Site Scripting via PostMessage — WP to LinkedIn Auto Publish | 6.1 | Medium | 2025-12-13 |
| CVE-2025-8617 | YITH WooCommerce Quick View <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yith_quick_view Shortcode — YITH WooCommerce Quick View | 6.4 | Medium | 2025-12-13 |
| CVE-2025-12076 | Social Media Auto Publish <= 3.6.5 - Reflected Cross-Site Scripting via PostMessage — Social Media Auto Publish | 6.1 | Medium | 2025-12-13 |
| CVE-2025-7058 | Kingcabs <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter — Kingcabs | 6.4 | Medium | 2025-12-13 |
| CVE-2025-13705 | Custom Frames <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'class' Shortcode Parameter — Custom Frames | 6.4 | Medium | 2025-12-13 |
| CVE-2025-11376 | Colibri Page Builder <= 1.0.335 - Authenticated (Contributor+) Stored Cross-Site Scripting — Colibri Page Builder | 6.4 | Medium | 2025-12-13 |
| CVE-2025-14378 | Quick Testimonials <= 2.1 - Authenticated (Admin+) Stored Cross-Site Scripting — Quick Testimonials | 4.4 | Medium | 2025-12-13 |
| CVE-2025-9873 | a3 Lazy Load <= 2.7.5 - Authenticated (Contributor+) Stored Cross-Site Scripting — a3 Lazy Load | 6.4 | Medium | 2025-12-13 |
| CVE-2025-14278 | HT Slider for Elementor <= 1.7.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — HT Slider For Elementor | 6.4 | Medium | 2025-12-13 |
| CVE-2025-14056 | Custom Post Type UI <= 1.18.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'label' Import Parameter — Custom Post Type UI | 4.4 | Medium | 2025-12-13 |
| CVE-2025-67634 | Software Acquisition Guide Supplier Response Web Tool XSS — Software Acquisition Guide Tool | 4.4 | Medium | 2025-12-12 |
| CVE-2025-14580 | Qualitor viewDocumento.php cross site scripting — Qualitor | 3.5 | Low | 2025-12-12 |
| CVE-2024-58305 | WonderCMS 4.3.2 Cross-Site Scripting Remote Code Execution via Module Installation — WonderCMS | 8.8 | High | 2025-12-12 |
| CVE-2025-67734 | Frappe Authenticated Users can Execute JavaScript through its Job Form — lms | 5.4 (AI) | Medium (AI) | 2025-12-12 |
| CVE-2025-8082 | Vuetify XSS via unsanitized 'titleDateFormat' in 'VDatePicker' — Vuetify | 6.3 | Medium | 2025-12-12 |
| CVE-2025-14030 | AI Feeds <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aife_post_meta' Shortcode — AI Feeds | 6.4 | Medium | 2025-12-12 |
| CVE-2025-12965 | Magical Posts Display <= 1.2.54 - Authenticated (Author+) Stored Cross-Site Scripting via Magical Posts Accordion Widget — Magical Posts Display – Elementor Advanced Posts widgets | 6.4 | Medium | 2025-12-12 |
| CVE-2025-13993 | MailerLite – Signup forms (official) <= 1.7.16 - Authenticated (Administrator+) Stored Cross-Site Scripting — MailerLite – Signup forms (official) | 5.5 | Medium | 2025-12-12 |
| CVE-2025-67730 | Frappe authenticated users can execute XSS through form description fields — lms | 5.4 (AI) | Medium (AI) | 2025-12-12 |
| CVE-2025-14049 | VikRentItems Flexible Rental Management System <= 1.2.0 - Reflected Cross-Site Scripting via 'delto' Parameter — VikRentItems Flexible Rental Management System | 6.1 | Medium | 2025-12-12 |
| CVE-2025-11876 | Mailgun Subscriptions <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Mailgun Subscriptions | 6.4 | Medium | 2025-12-12 |
| CVE-2025-4970 | BSK PDF Manager <= 3.7.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via SVG File Upload — BSK PDF Manager | 5.5 | Medium | 2025-12-12 |
| CVE-2025-12570 | Fancy Product Designer <= 6.4.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload — Fancy Product Designer | 7.2 | High | 2025-12-12 |
| CVE-2025-67724 | Tornado vulnerable to Header Injection and XSS via reason argument — tornado | 5.4 | Medium | 2025-12-12 |
| CVE-2025-65120 | Japan Total System multiple products cross-site scripting vulnerability — GroupSession Free edition | 4.8 (AI) | Medium (AI) | 2025-12-12 |
| CVE-2025-57883 | Japan Total System GroupSession Free edition and Japan Total System GroupSession byCloud cross-site scripting vulnerability — GroupSession Free edition | 4.8 (AI) | Medium (AI) | 2025-12-12 |
| CVE-2025-66284 | Japan Total System multiple products cross-site scripting vulnerability — GroupSession Free edition | 5.4 (AI) | Medium (AI) | 2025-12-12 |
| CVE-2025-53523 | Japan Total System GroupSession Free edition and Japan Total System GroupSession byCloud cross-site scripting vulnerability — GroupSession Free edition | 5.4 (AI) | Medium (AI) | 2025-12-12 |
| CVE-2025-54407 | Japan Total System multiple products cross-site scripting vulnerability — GroupSession Free edition | 5.4 (AI) | Medium (AI) | 2025-12-12 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21523 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.