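CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21523

21523 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.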

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-13989 | WP Dropzone <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'callback' Shortcode Attribute — WP Dropzone | 6.4 | Medium | 2025-12-12 |
| CVE-2025-14125 | Complag <= 1.0.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] — Complag | 6.1 | Medium | 2025-12-12 |
| CVE-2025-14143 | Ayo Shortcodes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute — Ayo Shortcodes | 6.4 | Medium | 2025-12-12 |
| CVE-2025-14393 | Wpik WordPress Basic Ajax Form <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Wpik WordPress Basic Ajax Form | 6.4 | Medium | 2025-12-12 |
| CVE-2025-14467 | WP Job Portal <= 2.4.4 - Authenticated (Editor+) Stored Cross-Site Scripting via Job Description Field — WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | 4.4 | Medium | 2025-12-12 |
| CVE-2025-13889 | Simple Nivo Slider <= 0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — Simple Nivo Slider | 6.4 | Medium | 2025-12-12 |
| CVE-2025-13839 | LJUsers <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute — LJUsers | 6.4 | Medium | 2025-12-12 |
| CVE-2025-66452 | LibreChat's lack of JSON parsing error handling can lead to XSS — LibreChat | 6.1 (AI) | Medium (AI) | 2025-12-11 |
| CVE-2024-58304 | SPA-CART CMS 1.9.0.3 Stored Cross-Site Scripting — SPA-CART CMS | 7.5 | High | 2025-12-11 |
| CVE-2024-58297 | PyroCMS v3.0.1 Stored Cross-Site Scripting via Admin Redirects — PyroCMS | 5.4 (AI) | Medium (AI) | 2025-12-11 |
| CVE-2024-58296 | CE Phoenix v3.0.1 Stored Cross-Site Scripting via admin/currencies.php — CE Phoenix | 5.4 (AI) | Medium (AI) | 2025-12-11 |
| CVE-2024-58292 | XMB Forum 1.9.12.06 Persistent Cross-Site Scripting via Admin Templates — XMB Forum | 4.8 (AI) | Medium (AI) | 2025-12-11 |
| CVE-2024-58291 | Flatboard 3.2 Authenticated Stored Cross-Site Scripting via Forum Information Field — Flatboard | 4.8 (AI) | Medium (AI) | 2025-12-11 |
| CVE-2024-58289 | Microweber 2.0.15 Stored Cross-Site Scripting via User Profile Fields — Microweber | 5.4 (AI) | Medium (AI) | 2025-12-11 |
| CVE-2025-14538 | yangshare warehouseManager Warehouse Management System CustomerManageHandler.java addCustomer cross site scripting — warehouseManager Warehouse Management System | 3.5 | Low | 2025-12-11 |
| CVE-2025-14046 | Insufficient HTML Sanitization Allows User-Controlled DOM Elements to Overwrite Server-Initialized Data Islands and Trigger Unintended Server-Side POST Requests — Enterprise Server | 4.6 (AI) | Medium (AI) | 2025-12-11 |
| CVE-2025-67741 | JetBrains TeamCity Cross-Site Scripting Vulnerability — TeamCity | 4.8 | Medium | 2025-12-11 |
| CVE-2025-14519 | baowzh hfly advtext add cross site scripting — hfly | 3.5 | Low | 2025-12-11 |
| CVE-2025-12029 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.0 | High | 2025-12-11 |
| CVE-2025-12716 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab — GitLab | 8.7 | High | 2025-12-11 |
| CVE-2025-9436 | Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode — Widgets for Google Reviews | 6.4 | Medium | 2025-12-11 |
| CVE-2025-67648 | Shopware's improper input validation can lead to Reflected XSS through Storefront Login Page — shopware | 7.1 | High | 2025-12-10 |
| CVE-2025-66472 | XWiki vulnerable to a reflected XSS via xredirect parameter in DeleteApplication — xwiki-platform | 6.1 (AI) | Medium (AI) | 2025-12-10 |
| CVE-2024-58285 | Chyrp 2.5.2 Stored Cross-Site Scripting Vulnerability via Post Title — Chyrp | 5.4 (AI) | Medium (AI) | 2025-12-10 |
| CVE-2025-64622 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager | 5.4 | Medium | 2025-12-10 |
| CVE-2025-64582 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager | 5.4 | Medium | 2025-12-10 |
| CVE-2025-64547 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager | 5.4 | Medium | 2025-12-10 |
| CVE-2025-64833 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager | 5.4 | Medium | 2025-12-10 |
| CVE-2025-64613 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager | 5.4 | Medium | 2025-12-10 |
| CVE-2025-64829 | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) — Adobe Experience Manager | 5.4 | Medium | 2025-12-10 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21523 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.