Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) — Vulnerability Class 21527

21527 vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2021-24388 Vik Rent Car < 1.1.7 - CSRF to Stored XSS — VikRentCar Car Rental Management System 5.4 -2021-07-06
CVE-2021-24386 WP SVG Images < 3.4 - Authenticated (author+) Stored XSS via SVG — WP SVG images 5.4 -2021-07-06
CVE-2021-33192 Display information UI XSS — Apache Jena Fuseki 6.1 -2021-07-05
CVE-2021-32737 XSS Injection in Media Collection Title was possible — sulu 8.4 High2021-07-02
CVE-2020-36194 XSS Vulnerability in QTS and QuTS heroCommand Injection Vulnerabilities in QTS and QuTS hero — QTS 6.1 Medium2021-07-01
CVE-2021-21084 Adobe Experience Manager stored cross-site scripting vulnerability in resource resolver factory could lead to arbitrary code execution — Experience Manager 7.3 High2021-06-28
CVE-2021-28556 Magento Commerce DOM-based cross-site scripting (XSS) could lead to arbitrary javascript execution — Magento Commerce 6.9 Medium2021-06-28
CVE-2021-21004 Cross-site Scripting Vulnerability in Phoenix Contact FL SWITCH SMCS series products — FL SWITCH 7.4 High2021-06-25
CVE-2021-32702 Reflected XSS from the callback handler's error query parameter — nextjs-auth0 8.0 High2021-06-25
CVE-2021-32713 Authenticated Stored XSS — shopware 4.8 Medium2021-06-24
CVE-2021-27659 exacqVision Web Service CSS — exacqVision Web Service 5.3 Medium2021-06-24
CVE-2021-27658 exacqVision Enterprise Manager CSS — exacqVision Enterprise Manager 4.3 Medium2021-06-24
CVE-2021-25656 Avaya Aura Experience Portal XSS vulnerabilities — Product 5.3 Medium2021-06-24
CVE-2021-32644 Cross-site Scripting in Random.php — ampache 6.4 Medium2021-06-22
CVE-2010-4264 Vanilla Forums 跨站脚本漏洞 — vanilla forums 6.1 -2021-06-22
CVE-2021-24383 WP Google Maps < 8.1.12 - Authenticated Stored Cross-Site Scripting (XSS) — WP Google Maps 5.4 -2021-06-21
CVE-2021-24378 Autoptimize < 2.7.8 - Authenticated Stored XSS via File Upload — Autoptimize 4.8 -2021-06-21
CVE-2021-24373 WP Hardening < 1.2.2 - Reflected XSS via historyvalue — WP Hardening – Fix Your WordPress Security 6.1 -2021-06-21
CVE-2021-24372 WP Hardening < 1.2.2 - Reflected XSS via URI — WP Hardening – Fix Your WordPress Security 6.1 -2021-06-21
CVE-2021-24369 GetPaid < 2.3.4 - Authenticated Stored XSS — WordPress Payments Plugin | GetPaid 5.4 -2021-06-21
CVE-2021-24367 WP Config File Editor <= 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS) — WP Config File Editor 5.4 -2021-06-21
CVE-2021-24364 Jannah < 5.4.4 - Reflected Cross-Site Scripting (XSS) — Jannah 6.1 -2021-06-21
CVE-2021-24339 Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS) — Pods – Custom Content Types and Fields 5.4 -2021-06-21
CVE-2021-24338 Pods < 2.7.27 - Authenticated Stored Cross-Site Scripting (XSS) — Pods – Custom Content Types and Fields 5.4 -2021-06-21
CVE-2021-21422 XSS Vulnerability in mongo-express — mongo-express 8.1 High2021-06-21
CVE-2021-24368 Quiz And Survey Master < 7.1.18 - Reflected Cross-Site Scripting (XSS) — Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress 6.1 -2021-06-20
CVE-2021-32536 MCU Technologies MCUsystem - Reflected XSS — MCUsystem 6.1 Medium2021-06-18
CVE-2021-32681 Improper escaping of HTML ('Cross-site Scripting') in Wagtail StreamField blocks — wagtail 5.4 Medium2021-06-17
CVE-2021-1395 Cisco Unified Intelligence Center Reflected Cross-Site Scripting Vulnerability — Cisco Unified Contact Center Express 4.7 Medium2021-06-16
CVE-2021-27479 ZOLL Defibrillator Dashboard 跨站脚本漏洞 — ZOLL Defibrillator Dashboard 5.4 -2021-06-16

Vulnerabilities classified as CWE-79 (在Web页面生成时对输入的转义处理不恰当(跨站脚本)) represent 21527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.