CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21548

21548 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-32961	CUBA JPA Web API Vulnerable to Cross-Site Scripting (XSS) in the /download Endpoint — jpawebapi	6.4	Medium	2025-04-22
CVE-2025-32960	CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint — restapi	6.4	Medium	2025-04-22
CVE-2025-32951	io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API — jmix	6.4	Medium	2025-04-22
CVE-2025-23175	Tecnick - Multiple XSS (CWE-79) — TCExam	6.1	Medium	2025-04-22
CVE-2025-3458	Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'ocean_gallery_id' — Ocean Extra	6.4	Medium	2025-04-22
CVE-2025-3457	Ocean Extra <= 2.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ocean Extra	6.4	Medium	2025-04-22
CVE-2025-46254	WordPress Visual Composer Website Builder plugin <= 45.10.0 - Cross Site Scripting (XSS) vulnerability — Visual Composer Website Builder	6.5	Medium	2025-04-22
CVE-2025-46253	WordPress GutenKit plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability — GutenKit	6.5	Medium	2025-04-22
CVE-2025-46250	WordPress VForm plugin <= 3.1.14 - Cross Site Scripting (XSS) Vulnerability — VPSUForm	5.9	Medium	2025-04-22
CVE-2025-46240	WordPress Simple Download Counter plugin <= 2.2 - Cross Site Scripting (XSS) Vulnerability — Simple Download Counter	6.5	Medium	2025-04-22
CVE-2025-46239	WordPress Theme Switcha plugin <= 3.4 - Cross Site Scripting (XSS) Vulnerability — Theme Switcha	6.5	Medium	2025-04-22
CVE-2025-46238	WordPress List Last Changes plugin <= 1.2.1 - Cross Site Scripting (XSS) Vulnerability — List Last Changes	6.5	Medium	2025-04-22
CVE-2025-46237	WordPress Link Library plugin <= 7.8 - Cross Site Scripting (XSS) Vulnerability — Link Library	6.5	Medium	2025-04-22
CVE-2025-46236	WordPress HTML Forms plugin <= 1.5.2 - Cross Site Scripting (XSS) Vulnerability — HTML Forms	6.5	Medium	2025-04-22
CVE-2025-46235	WordPress SKT Blocks – Gutenberg based Page Builder plugin <= 2.0 - Cross Site Scripting (XSS) Vulnerability — SKT Blocks	6.5	Medium	2025-04-22
CVE-2025-46233	WordPress Sirv plugin <= 7.5.3 - Cross Site Scripting (XSS) Vulnerability — Sirv	6.5	Medium	2025-04-22
CVE-2025-46229	WordPress Textmetrics plugin <= 3.6.2 - Cross Site Scripting (XSS) Vulnerability — Textmetrics	5.9	Medium	2025-04-22
CVE-2025-46227	WordPress Custom Related Posts plugin <= 1.7.4 - Cross Site Scripting (XSS) Vulnerability — Custom Related Posts	6.5	Medium	2025-04-22
CVE-2025-46228	WordPress Event post plugin <= 5.9.11 - Cross Site Scripting (XSS) Vulnerability — Event post	6.5	Medium	2025-04-22
CVE-2025-46226	WordPress MPL-Publisher plugin <= 2.18.0 - Cross Site Scripting (XSS) Vulnerability — MPL-Publisher	6.5	Medium	2025-04-22
CVE-2025-46225	WordPress Post in page for Elementor plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability — Post in page for Elementor	6.5	Medium	2025-04-22
CVE-2025-3814	Tax Switch for WooCommerce <= 1.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via class-name Parameter — Tax Switch for WooCommerce	6.4	Medium	2025-04-22
CVE-2025-2839	WP Import Export Lite <= 3.9.27 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting — WP Import Export Lite	6.4	Medium	2025-04-22
CVE-2024-12863	Stored XSS in Discussions functionality — OpenText Content Management	5.4	-	2025-04-21
CVE-2025-3840	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') — OVA based Connect	6.1	-	2025-04-21
CVE-2025-3826	SourceCodester Web-based Pharmacy Product Management System add-supplier.php cross site scripting — Web-based Pharmacy Product Management System	2.4	Low	2025-04-20
CVE-2025-3825	SourceCodester Web-based Pharmacy Product Management System add-category.php cross site scripting — Web-based Pharmacy Product Management System	2.4	Low	2025-04-20
CVE-2025-3824	SourceCodester Web-based Pharmacy Product Management System add-product.php cross site scripting — Web-based Pharmacy Product Management System	2.4	Low	2025-04-20
CVE-2025-3823	SourceCodester Web-based Pharmacy Product Management System add-stock.php cross site scripting — Web-based Pharmacy Product Management System	2.4	Low	2025-04-20
CVE-2025-3822	SourceCodester Web-based Pharmacy Product Management System changepassword.php cross site scripting — Web-based Pharmacy Product Management System	2.4	Low	2025-04-20

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21548 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21548