CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21527

21527 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-9289	Cross-Site Scripting (XSS) on Omada Controllers — Omada Software Controller	4.7^AI	Medium^AI	2026-01-22
CVE-2026-0535	Stored XSS in Electronic Library Component Description — Fusion	7.1	High	2026-01-22
CVE-2026-0534	Stored XSS in the value of a part attribute — Fusion	7.1	High	2026-01-22
CVE-2026-0533	Stored XSS in Fusion desktop when attempting to delete a file — Fusion	7.1	High	2026-01-22
CVE-2026-24389	WordPress Gallery PhotoBlocks plugin <= 1.3.2 - Cross Site Scripting (XSS) vulnerability — Gallery PhotoBlocks	6.5	Medium	2026-01-22
CVE-2026-24383	WordPress B Slider plugin <= 2.0.6 - Cross Site Scripting (XSS) vulnerability — B Slider	6.5	Medium	2026-01-22
CVE-2026-24361	WordPress LearnPress – Course Review plugin <= 4.1.9 - Cross Site Scripting (XSS) vulnerability — LearnPress – Course Review	6.5	Medium	2026-01-22
CVE-2026-24355	WordPress Houzez Theme - Functionality plugin <= 4.2.6 - Cross Site Scripting (XSS) vulnerability — Houzez Theme - Functionality	6.5	Medium	2026-01-22
CVE-2026-24354	WordPress Penci Shortcodes & Performance plugin <= 6.1 - Cross Site Scripting (XSS) vulnerability — Penci Shortcodes & Performance	6.5	Medium	2026-01-22
CVE-2026-23976	WordPress Modula Image Gallery plugin <= 2.13.4 - Cross Site Scripting (XSS) vulnerability — Modula Image Gallery	5.9	Medium	2026-01-22
CVE-2026-22463	WordPress Form to Chat App plugin <= 1.2.5 - Cross Site Scripting (XSS) vulnerability — Form to Chat App	6.5	Medium	2026-01-22
CVE-2026-22388	WordPress Owl Carousel WP plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability — Owl Carousel WP	5.9	Medium	2026-01-22
CVE-2026-22353	WordPress teachPress plugin <= 9.0.12 - Cross Site Scripting (XSS) vulnerability — teachPress	6.5	Medium	2026-01-22
CVE-2026-22347	WordPress Carousel Horizontal Posts Content Slider plugin <= 3.3.2 - Cross Site Scripting (XSS) vulnerability — Carousel Horizontal Posts Content Slider	6.5	Medium	2026-01-22
CVE-2026-22349	WordPress Menu In Post plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability — Menu In Post	6.5	Medium	2026-01-22
CVE-2025-69320	WordPress Grand Magazine theme <= 3.5.7 - Reflected Cross Site Scripting (XSS) vulnerability — Grand Magazine	7.1	High	2026-01-22
CVE-2025-69321	WordPress Grand Spa theme <= 3.5.5 - Reflected Cross Site Scripting (XSS) vulnerability — Grand Spa	7.1	High	2026-01-22
CVE-2025-69317	WordPress CarSpot theme < 2.4.6 - Reflected Cross Site Scripting (XSS) vulnerability — CarSpot	7.1	High	2026-01-22
CVE-2025-69318	WordPress JobWP plugin <= 2.4.5 - Cross Site Scripting (XSS) vulnerability — JobWP	7.1	High	2026-01-22
CVE-2025-69316	WordPress TableOn plugin <= 1.0.4.2 - Reflected Cross Site Scripting (XSS) vulnerability — TableOn	7.1	High	2026-01-22
CVE-2025-69102	WordPress WP Test Email plugin <= 1.1.7 - Reflected Cross Site Scripting (XSS) vulnerability — WP Test Email	7.1	High	2026-01-22
CVE-2025-69098	WordPress Hide My WP plugin <= 6.2.12 - Reflected Cross Site Scripting (XSS) vulnerability — Hide My WP	7.1	High	2026-01-22
CVE-2025-69054	WordPress Super Logos Showcase plugin <= 2.8 - Reflected Cross Site Scripting (XSS) vulnerability — Super Logos Showcase	7.1	High	2026-01-22
CVE-2025-69056	WordPress Hotel Listing plugin <= 1.4.0 - Reflected Cross Site Scripting (XSS) vulnerability — Hotel Listing	7.1	High	2026-01-22
CVE-2025-69053	WordPress Universal Video Player plugin <= 3.8.4 - Reflected Cross Site Scripting (XSS) vulnerability — Universal Video Player	7.1	High	2026-01-22
CVE-2025-69051	WordPress ListingPro Reviews theme <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability — ListingPro Reviews	7.1	High	2026-01-22
CVE-2025-69048	WordPress Universal Video Player plugin <= 3.8.4 - Reflected Cross Site Scripting (XSS) vulnerability — Universal Video Player	7.1	High	2026-01-22
CVE-2025-69003	WordPress KenthaRadio theme <= 2.2.0 - Reflected Cross Site Scripting (XSS) vulnerability — KenthaRadio	7.1	High	2026-01-22
CVE-2025-68906	WordPress JNews - Video plugin <= 11.0.2 - Reflected Cross Site Scripting (XSS) vulnerability — JNews - Video	7.1	High	2026-01-22
CVE-2025-68900	WordPress Enfold theme <= 7.1.3 - Cross Site Scripting (XSS) vulnerability — Enfold	6.5	Medium	2026-01-22

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21527