
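CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21523

21523 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.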

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-66492 | Masa CMS vulnerable to Cross-Site Scripting (XSS) through URL Parameter — MasaCMS | 8.2 | High | 2025-12-12 |
| CVE-2025-14138 | WPLG Default Mail From <= 1.0.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — WPLG Default Mail From | 6.1 | Medium | 2025-12-12 |
| CVE-2025-13975 | Contact Form 7 with ChatWork <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'api_token' and 'roomid' Settings — Contact Form 7 with ChatWork | 4.4 | Medium | 2025-12-12 |
| CVE-2025-13843 | VigLink SpotLight By ShortCode <= 1.0.a - Authenticated (Contributor+) Stored Cross-Site Scripting via 'float' Shortcode Attribute — VigLink SpotLight By ShortCode | 6.4 | Medium | 2025-12-12 |
| CVE-2025-13850 | LS Google Map Router <= 1.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — LS Google Map Router | 6.4 | Medium | 2025-12-12 |
| CVE-2025-13747 | NewStatPress <= 1.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — NewStatPress | 6.4 | Medium | 2025-12-12 |
| CVE-2025-14137 | Simple AL Slider <= 1.2.10 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Simple AL Slider | 6.1 | Medium | 2025-12-12 |
| CVE-2025-12650 | Simple post listing <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Simple post listing | 6.4 | Medium | 2025-12-12 |
| CVE-2025-12830 | Better Elementor Addons <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Slider Widget — Better Addons for Elementor | 6.4 | Medium | 2025-12-12 |
| CVE-2025-12834 | Accept Stripe Payments Using Contact Form 7 <= 3.1 - Reflected Cross-Site Scripting via failure_message — Accept Stripe Payments Using Contact Form 7 | 6.1 | Medium | 2025-12-12 |
| CVE-2025-13963 | FX Currency Converter <= 0.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — FX Currency Converter | 6.4 | Medium | 2025-12-12 |
| CVE-2025-13962 | Divelogs Widget <= 1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Divelogs Widget | 6.4 | Medium | 2025-12-12 |
| CVE-2025-13885 | Zenost Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Zenost Shortcodes | 6.4 | Medium | 2025-12-12 |
| CVE-2025-14132 | Category Dropdown List <= 1.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Category Dropdown List | 6.1 | Medium | 2025-12-12 |
| CVE-2025-13971 | TWW Protein Calculator <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting — TWW Protein Calculator | 4.4 | Medium | 2025-12-12 |
| CVE-2025-13988 | 评论小秘书 <= 1.3.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — 评论小秘书 | 6.1 | Medium | 2025-12-12 |
| CVE-2025-13966 | Paypal Payment Shortcode <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute — Paypal Payment Shortcode | 6.4 | Medium | 2025-12-12 |
| CVE-2025-13906 | WP Flot <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — WP Flot | 6.4 | Medium | 2025-12-12 |
| CVE-2025-13884 | Hide Email Address <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Hide Email Address | 6.4 | Medium | 2025-12-12 |
| CVE-2025-13961 | Data Visualizer <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Data Visualizer | 6.4 | Medium | 2025-12-12 |
| CVE-2025-14035 | DebateMaster <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Color Options via 'debate' Shortcode — DebateMaster | 4.4 | Medium | 2025-12-12 |
| CVE-2025-13840 | BUKAZU Search widget <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute — Bukazu Search Widget | 6.4 | Medium | 2025-12-12 |
| CVE-2025-13960 | GPXpress <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — GPXpress | 6.4 | Medium | 2025-12-12 |
| CVE-2025-14032 | Bold Timeline Lite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode — Bold Timeline Lite | 6.4 | Medium | 2025-12-12 |
| CVE-2025-13969 | Reviews Sorted <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'space' Shortcode Attribute — Reviews Sorted | 6.4 | Medium | 2025-12-12 |
| CVE-2025-13846 | Easy Map Creator <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Easy Map Creator | 6.4 | Medium | 2025-12-12 |
| CVE-2025-14119 | App Landing Template Blocks for WPBakery Page Builder <= 2.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — App Landing Template Blocks for WPBakery (Visual Composer) Page Builder | 6.4 | Medium | 2025-12-12 |
| CVE-2025-13904 | WPGancio <= 1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — WPGancio | 6.4 | Medium | 2025-12-12 |
| CVE-2025-14048 | SimplyConvert <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'simplyconvert_hash' Option — SimplyConvert | 4.4 | Medium | 2025-12-12 |
| CVE-2025-14129 | Like DisLike Voting <= 1.0.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Like DisLike Voting | 6.1 | Medium | 2025-12-12 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) account for 21523 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.