Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21524

21524 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-34401 MailEnable < 10.54 Reflected XSS in FieldBcc Parameter of AddressBook.aspx — MailEnable 6.1 -2025-12-09
CVE-2025-34402 MailEnable < 10.54 Reflected XSS in FieldCc Parameter of AddressBook.aspx — MailEnable 6.1 -2025-12-09
CVE-2025-34403 MailEnable < 10.54 Reflected XSS in FieldTo Parameter of AddressBook.aspx — MailEnable 6.1 -2025-12-09
CVE-2025-34406 MailEnable < 10.54 Reflected XSS in Id Parameter of Mobile/ContactDetails.aspx — MailEnable 6.1 -2025-12-09
CVE-2025-34404 MailEnable < 10.54 Reflected XSS in InstanceScope Parameter of CAL/compose.aspx — MailEnable 6.1 -2025-12-09
CVE-2025-34397 MailEnable < 10.54 Reflected XSS in Message Parameter of Mobile/Compose.aspx — MailEnable 6.1 -2025-12-09
CVE-2025-34407 MailEnable < 10.54 Reflected XSS in theme Parameter of Statistics.aspx — MailEnable 6.1 -2025-12-09
CVE-2025-64672 Microsoft SharePoint Server Spoofing Vulnerability — Microsoft SharePoint Server Subscription Edition 8.8 High2025-12-09
CVE-2025-54353 Fortinet FortiSandbox 跨站脚本漏洞 — FortiSandbox 5.3 Medium2025-12-09
CVE-2025-9638 i-Educar 2.10.0 - Stored Cross-Site Scripting (XSS) in admin panel — i-Educar 5.4AIMediumAI2025-12-09
CVE-2025-10573 Ivanti Endpoint Manager 跨站脚本漏洞 — Endpoint Manager 9.6 Critical2025-12-09
CVE-2025-63075 WordPress Betheme theme <= 28.2 - Cross Site Scripting (XSS) vulnerability — Betheme 6.5 Medium2025-12-09
CVE-2025-63073 WordPress The7 theme < 12.9.0 - Cross Site Scripting (XSS) vulnerability — The7 6.5 Medium2025-12-09
CVE-2025-63072 WordPress Cornerstone plugin <= 7.7.3 - Cross Site Scripting (XSS) vulnerability — Cornerstone 6.5 Medium2025-12-09
CVE-2025-63066 WordPress Porto Theme - Functionality plugin < 3.7.3 - Cross Site Scripting (XSS) vulnerability — Porto Theme - Functionality 6.5 Medium2025-12-09
CVE-2025-63064 WordPress EventON plugin <= 4.9.12 - Cross Site Scripting (XSS) vulnerability — EventON 6.5 Medium2025-12-09
CVE-2025-63061 WordPress KALLYAS theme < 4.25.0 - Cross Site Scripting (XSS) vulnerability — KALLYAS 6.5 Medium2025-12-09
CVE-2025-63059 WordPress Ninja Popups plugin <= 4.7.8 - Cross Site Scripting (XSS) vulnerability — Ninja Popups 6.5 Medium2025-12-09
CVE-2025-63057 WordPress Wp Ultimate Review plugin <= 2.3.7 - Cross Site Scripting (XSS) vulnerability — Wp Ultimate Review 6.5 Medium2025-12-09
CVE-2025-63055 WordPress Master Addons for Elementor plugin <= 2.0.9.9.4 - Cross Site Scripting (XSS) vulnerability — Master Addons for Elementor 6.5 Medium2025-12-09
CVE-2025-63050 WordPress REHub Framework plugin < 19.9.9.7 - Cross Site Scripting (XSS) vulnerability — REHub Framework 6.5 Medium2025-12-09
CVE-2025-63048 WordPress ListingPro Lead Form plugin <= 1.0.7 - Cross Site Scripting (XSS) vulnerability — ListingPro Lead Form 6.5 Medium2025-12-09
CVE-2025-63052 WordPress SimpLy Gallery plugin <= 3.3.2.1 - Cross Site Scripting (XSS) vulnerability — SimpLy Gallery 6.5 Medium2025-12-09
CVE-2025-63045 WordPress Master Slider Pro plugin <= 3.7.12 - Cross Site Scripting (XSS) vulnerability — Master Slider Pro 6.5 Medium2025-12-09
CVE-2025-63044 WordPress Xpro Elementor Addons plugin <= 1.4.19.1 - Cross Site Scripting (XSS) vulnerability — Xpro Elementor Addons 6.5 Medium2025-12-09
CVE-2025-63042 WordPress Tutor LMS Elementor Addons plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability — Tutor LMS Elementor Addons 6.5 Medium2025-12-09
CVE-2025-63046 WordPress ListingPro plugin <= 2.9.9 - Cross Site Scripting (XSS) vulnerability — ListingPro 6.5 Medium2025-12-09
CVE-2025-63037 WordPress Ronneby Theme Core plugin <= 1.5.68 - Cross Site Scripting (XSS) vulnerability — Ronneby Theme Core 6.5 Medium2025-12-09
CVE-2025-63033 WordPress Make Section & Column Clickable For Elementor plugin <= 2.4 - Cross Site Scripting (XSS) vulnerability — Make Section & Column Clickable For Elementor 5.9 Medium2025-12-09
CVE-2025-63035 WordPress WPLMS plugin <= 1.9.9.5.4 - Cross Site Scripting (XSS) vulnerability — WPLMS 6.5 Medium2025-12-09

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21524 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.