CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')) — Vulnerability Class 21521

21521 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2021-24169 | Advanced Order Export For WooCommerce < 3.1.8 - Reflected Cross-Site Scripting (XSS) — Advanced Order Export For WooCommerce | 6.1 | - | 2021-04-05 |
| CVE-2021-24176 | JH 404 Logger <= 1.1 - Unauthenticated Stored Cross-Site Scripting (XSS) — JH 404 Logger | 5.4 | - | 2021-04-05 |
| CVE-2021-24152 | Popup Builder < 3.74 - Authenticated Reflected Cross-Site Scripting (XSS) — Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter | 6.1 | - | 2021-04-05 |
| CVE-2021-24153 | Yoast SEO < 3.4.1 - Authenticated Stored Cross-Site Scripting (XSS) — Yoast SEO | 5.4 | - | 2021-04-05 |
| CVE-2021-24156 | Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting — Testimonial Rotator | 5.4 | - | 2021-04-05 |
| CVE-2021-24157 | Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Stored Cross Site Scripting — Orbit Fox by ThemeIsle | 5.4 | - | 2021-04-05 |
| CVE-2021-21418 | Potential XSS injection in the newsletter conditions field — ps_emailsubscription | 4.6 | Medium | 2021-03-31 |
| CVE-2021-21398 | Possible XSS injection through DataColumn Grid class — PrestaShop | 5.4 | Medium | 2021-03-30 |
| CVE-2021-21332 | Cross-site scripting (XSS) vulnerability in the password reset endpoint — synapse | 6.9 | Medium | 2021-03-26 |
| CVE-2021-22886 | Rocket.Chat Cross-Site Scripting Vulnerability — Rocket.Chat | 6.1 | - | 2021-03-26 |
| CVE-2021-22889 | Revive Adserver Cross-Site Scripting Vulnerability — https://github.com/revive-adserver/revive-adserver | 6.1 | - | 2021-03-25 |
| CVE-2021-22888 | Revive Adserver Cross-Site Scripting Vulnerability — https://github.com/revive-adserver/revive-adserver | 6.1 | - | 2021-03-25 |
| CVE-2021-1374 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family Stored Cross-Site Scripting Vulnerability — Cisco IOS XE Software | 4.8 | Medium | 2021-03-24 |
| CVE-2021-21370 | Cross-Site Scripting in Content Preview (CType menu) — TYPO3.CMS | 5.4 | Medium | 2021-03-23 |
| CVE-2021-21340 | Cross-Site Scripting in Content Preview — TYPO3.CMS | 5.4 | Medium | 2021-03-23 |
| CVE-2021-21358 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form — TYPO3.CMS | 5.4 | Medium | 2021-03-23 |
| CVE-2021-27436 | Advantech WebAccess/SCADA Cross-Site Scripting Vulnerability — Advantech WebAccess/SCADA | 6.1 | - | 2021-03-18 |
| CVE-2021-21383 | XSS in Wiki.js — wiki | 7.6 | High | 2021-03-18 |
| CVE-2021-24147 | Modern Events Calendar Lite < 5.16.5 - Authenticated Stored Cross-Site Scripting (XSS) — Modern Events Calendar Lite | 5.4 | - | 2021-03-18 |
| CVE-2021-24134 | Constant Contact Forms < 1.8.8 - Multiple Authenticated Stored XSS — Constant Contact Forms | 4.8 | - | 2021-03-18 |
| CVE-2021-24135 | WP Customer Reviews < 3.4.3 - Multiple Unauthenticated and Low Priv Authenticated Stored XSS — WP Customer Reviews | 5.4 | - | 2021-03-18 |
| CVE-2021-24136 | Testimonials Widget < 4.0.0 - Multiple Authenticated Stored XSS — Testimonials Widget | 5.4 | - | 2021-03-18 |
| CVE-2021-24124 | WP Shieldon 1.6.3 - Unauthenticated Cross-Site Scripting (XSS) — WP Shieldon | 6.1 | - | 2021-03-18 |
| CVE-2021-24126 | Envira Gallery Lite < 1.8.3.3 - Authenticated Stored Cross-Site Scripting — Envira Gallery Lite | 5.4 | - | 2021-03-18 |
| CVE-2021-24127 | ThirstyAffiliates < 3.9.3 - Authenticated Stored XSS — ThirstyAffiliates | 5.4 | - | 2021-03-18 |
| CVE-2021-24128 | Team Members < 5.0.4 - Authenticated Stored Cross-Site Scripting (XSS) — Team Members | 5.4 | - | 2021-03-18 |
| CVE-2021-24129 | Themify Portfolio Post < 1.1.6 - Authenticated Stored Cross-Site Scripting — Themify Portfolio Post | 5.4 | - | 2021-03-18 |
| CVE-2019-18233 | Advantech Spectre RT ERT351 firmware Cross-Site Scripting Vulnerability — Advantech Spectre RT Industrial Routers ERT351 | 6.1 | - | 2021-03-17 |
| CVE-2021-20280 | Moodle Cross-Site Scripting Vulnerability — moodle | 5.4 | - | 2021-03-15 |
| CVE-2021-20279 | Moodle Cross-Site Scripting Vulnerability — moodle | 5.4 | - | 2021-03-15 |

21521 CVEs are classified as CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.