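CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) — Vulnerability Class 21529

21529 vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)). AI Chinese analysis included.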

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-67983 | WordPress WP Visitor Statistics (Real Time Traffic) plugin <= 8.3 - Cross Site Scripting (XSS) vulnerability — WP Visitor Statistics (Real Time Traffic) | 6.5 | Medium | 2025-12-16 |
| CVE-2025-67986 | WordPress Document Library Lite plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability — Document Library Lite | 5.9 | Medium | 2025-12-16 |
| CVE-2025-67951 | WordPress WPZOOM Addons for Elementor plugin <= 1.2.10 - Cross Site Scripting (XSS) vulnerability — WPZOOM Addons for Elementor | 6.5 | Medium | 2025-12-16 |
| CVE-2025-67912 | WordPress Stars Testimonials plugin <= 3.3.4 - Cross Site Scripting (XSS) vulnerability — Stars Testimonials | 6.5 | Medium | 2025-12-16 |
| CVE-2025-68115 | Parse Server vulnerable to Cross-Site Scripting (XSS) via Unescaped Mustache Template Variables — parse-server | 6.1 (AI) | Medium (AI) | 2025-12-16 |
| CVE-2025-64338 | ClipBucket's Manage Photos Feature is Vulnerable to Stored XSS via Collection Name — clipbucket-v5 | - | - | 2025-12-15 |
| CVE-2025-14722 | vion707 DMadmin Backend AddonsController.class.php add cross site scripting — DMadmin | 2.4 | Low | 2025-12-15 |
| CVE-2023-53891 | Blackcat CMS 1.4 Stored Cross-Site Scripting via Page Modification — Blackcat CMS | 5.4 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2023-53890 | Perch CMS 3.2 Stored Cross-Site Scripting via SVG File Upload — Perch | 5.4 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2023-53887 | Zomplog 3.9 Cross-Site Scripting Vulnerability via Page Creation — Zomplog | 5.4 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2023-53884 | Webedition CMS v2.9.8.8 Stored Cross-Site Scripting via SVG Upload — Webedition CMS | 5.4 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2023-53882 | JLex GuestBook 1.6.4 Reflected Cross-Site Scripting via URL Parameter — JLex GuestBook | 6.1 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2023-53880 | Lucee 5.4.2.17 Authenticated Reflected Cross-Site Scripting via Admin Interfaces — Lucee | 5.4 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2023-53870 | Jorani 1.0.3 Cross-Site Scripting Vulnerability via Language Parameter — Jorani | 6.1 (AI) | Medium (AI) | 2025-12-15 |
| CVE-2025-14387 | LearnPress – WordPress LMS Plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 6.4 | Medium | 2025-12-15 |
| CVE-2025-13728 | FluentAuth - Auth Security Plugin <= 2.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fluent_auth_reset_password' Shortcode — FluentAuth – The Ultimate Authorization & Security Plugin for WordPress | 6.4 | Medium | 2025-12-15 |
| CVE-2025-13610 | RegistrationMagic <= 6.0.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'RM_Forms' Shortcode — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | 6.4 | Medium | 2025-12-15 |
| CVE-2025-13367 | User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin <= 4.4.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes — User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 6.4 | Medium | 2025-12-15 |
| CVE-2025-13608 | CC Child Pages <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'child_pages' Shortcode — CC Child Pages | 6.4 | Medium | 2025-12-15 |
| CVE-2025-37732 | Kibana Cross-site Scripting via the Integration Package Upload Functionality — Kibana | 5.4 | Medium | 2025-12-15 |
| CVE-2025-67906 | MISP security vulnerability — MISP | 5.4 | Medium | 2025-12-15 |
| CVE-2025-13740 | Lightweight Accordion <= 1.5.20 - Authenticated (Contributor+) Stored Cross-Site Scripting — Lightweight Accordion | 6.4 | Medium | 2025-12-15 |
| CVE-2025-14691 | Mayan EDMS authentication cross site scripting — EDMS | 4.3 | Medium | 2025-12-14 |
| CVE-2025-14663 | code-projects Student File Management System update_student.php cross site scripting — Student File Management System | 2.4 | Low | 2025-12-14 |
| CVE-2025-14662 | code-projects Student File Management System Update User update_user.php cross site scripting — Student File Management System | 2.4 | Low | 2025-12-14 |
| CVE-2025-12537 | Addon Elements for Elementor <= 1.14.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Addon Elements for Elementor (formerly Elementor Addon Elements) | 6.4 | Medium | 2025-12-14 |
| CVE-2025-8780 | Livemesh SiteOrigin Widgets <= 3.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Hero Header and Pricing Table Widgets — Livemesh SiteOrigin Widgets | 6.4 | Medium | 2025-12-13 |
| CVE-2025-8687 | Enter Addons <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Countdown and Image Comparison Widgets — Enter Addons – Ultimate Template Builder for Elementor | 6.4 | Medium | 2025-12-13 |
| CVE-2025-8199 | MarqueeAddons <= 2.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial Marquee Widget — Marquee Addons for Elementor – Essential Motion Widgets & Templates | 6.4 | Medium | 2025-12-13 |
| CVE-2025-9856 | Popup Builder – Create highly converting, mobile friendly marketing popups. <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Popup Builder – Create highly converting, mobile friendly marketing popups. | 6.4 | Medium | 2025-12-13 |

Vulnerabilities classified as CWE-79 (Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)) represent 21529 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.