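CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.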

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2021-24535 | Light Messages <= 1.0 - CSRF to Stored XSS — Light Messages | 6.1 | - | 2021-08-16 |
| CVE-2021-24534 | PhoneTrack Meu Site Manager <= 0.1 - Authenticated Stored XSS — PhoneTrack Meu Site Manager | 5.4 | - | 2021-08-16 |
| CVE-2021-24526 | Form Maker < 1.13.60 - Authenticated Stored XSS — Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder | 5.4 | - | 2021-08-16 |
| CVE-2021-24519 | Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS) — VikRentCar Car Rental Management System | 4.8 | - | 2021-08-16 |
| CVE-2021-24518 | WPFront Notification Bar < 2.0.0.07176 - Authenticated Stored XSS — WPFront Notification Bar | 4.8 | - | 2021-08-16 |
| CVE-2021-24512 | Video Posts Webcam Recorder < 3.2.4 - Authenticated Reflected XSS — Video Posts Webcam Recorder | 5.4 | - | 2021-08-16 |
| CVE-2021-24471 | YouTube Embed < 5.2.2 - Contributor+ Stored XSS — YouTube Embed | 6.1 | - | 2021-08-16 |
| CVE-2021-24466 | Verse-O-Matic <= 4.1.1 - CSRF to Stored XSS — Verse-O-Matic | 4.7 | - | 2021-08-16 |
| CVE-2021-24445 | My Site Audit <= 1.2.4 - Authenticated Stored Cross-Site Scripting (XSS) — My Site Audit | 4.8 | - | 2021-08-16 |
| CVE-2021-24410 | Telugu Bible Verse Daily <= 1.0 - CSRF to Stored XSS — తెలుగు బైబిల్ వచనములు | 6.1 | - | 2021-08-16 |
| CVE-2021-24411 | Social Tape <= 1.0 - CSRF to Stored XSS — Social Tape | 6.1 | - | 2021-08-16 |
| CVE-2021-24362 | Photo Gallery < 1.5.75 - Stored Cross-Site Scripting via Uploaded SVG — Photo Gallery by 10Web – Mobile-Friendly Image Gallery | 6.1 | - | 2021-08-16 |
| CVE-2021-25955 | Stored XSS in “Dolibarr” leads to privilege escalation — dolibarr | 9.0 | Critical | 2021-08-15 |
| CVE-2021-37695 | Execution of JavaScript code using malformed HTML in ckeditor — ckeditor4 | 7.3 | High | 2021-08-12 |
| CVE-2021-37700 | Clipboard-based DOM-XSS — paste-markdown | 6.5 | Medium | 2021-08-12 |
| CVE-2021-32808 | Cross-site scripting in ckeditor via abuse of undo functionality — ckeditor4 | 7.6 | High | 2021-08-12 |
| CVE-2021-34640 | Securimage-WP-Fixed <= 3.5.4 Reflected Cross-Site Scripting — Securimage-WP-Fixed | 6.1 | Medium | 2021-08-11 |
| CVE-2021-32768 | Cross-Site Scripting via Rich-Text Content — TYPO3.CMS | 6.1 | Medium | 2021-08-10 |
| CVE-2021-33702 | SAP Enterprise Portal cross-site scripting vulnerability — SAP NetWeaver Enterprise Portal | 6.1 | - | 2021-08-10 |
| CVE-2021-33703 | SAP Netweaver cross-site scripting vulnerability — SAP NetWeaver Enterprise Portal (Application Extensions) | 6.1 | - | 2021-08-10 |
| CVE-2021-22676 | Advantech WebAccess/SCADA cross-site scripting vulnerability — WebAccess/SCADA | 6.1 | - | 2021-08-10 |
| CVE-2021-32798 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook — notebook | 10.0 | Critical | 2021-08-09 |
| CVE-2021-32797 | JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form> — jupyterlab | 7.4 | High | 2021-08-09 |
| CVE-2021-37634 | LeafKit allows XSS with untrusted user input — leaf-kit | 7.4 | High | 2021-08-09 |
| CVE-2021-37633 | XSS via d-popover and d-html-popover attribute — discourse | 7.4 | High | 2021-08-09 |
| CVE-2021-34660 | WP Fusion Lite <= 3.37.18 Reflected Cross-Site Scripting — WP Fusion Lite | 6.1 | Medium | 2021-08-09 |
| CVE-2021-24522 | ProfilePress < 3.1.11 - Unauthenticated Cross-Site Scripting (XSS) in tabbed login/register widget — User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) | 6.1 | - | 2021-08-09 |
| CVE-2021-24509 | Page View Counts < 2.4.9 - Contributor+ Stored XSS — Page View Count | 5.4 | - | 2021-08-09 |
| CVE-2021-24505 | Forms < 1.12.3 - Authenticated Stored Cross-Site Scripting (XSS) — Forms | 5.4 | - | 2021-08-09 |
| CVE-2021-24502 | WP Google Map < 1.7.7 - Authenticated Stored Cross-Site Scripting (XSS) — Maps Plugin using Google Maps for WordPress – WP Google Map | 4.8 | - | 2021-08-09 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) represent 21529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.