CWE-87 (Improper Neutralization of Alternate XSS Syntax) — Vulnerability Class 33

33 vulnerabilities classified as CWE-87 (Improper Neutralization of Alternate XSS Syntax). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-40321 | DotNetNuke.Core has stored cross-site-scripting (XSS) via SVG upload — Dnn.Platform | 8.1 | High | 2026-04-17 |
| CVE-2025-14732 | Elementor Website Builder <= 3.35.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via REST API — Elementor Website Builder – more than just a page builder | 6.4 | Medium | 2026-04-08 |
| CVE-2026-22711 | Stored XSS through system messages in WikiLove — Mediawiki - Wikilove Extension | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-33510 | DOM-Based XSS in Homarr /auth/login Redirect — homarr | 8.8 | High | 2026-04-06 |
| CVE-2026-33506 | DOM-Based XSS in Ory Polis Login Page — polis | 8.8 | High | 2026-03-26 |
| CVE-2025-54369 | Node-SAML SAML Authentication Bypass — node-saml | - | - | 2025-12-12 |
| CVE-2025-65961 | Contao is vulnerable to cross-site scripting in templates — contao | 3.3 | Low | 2025-11-25 |
| CVE-2025-48076 | Galette is vulnerable to Cross-site Scripting — galette | 5.4 (AI) | Medium (AI) | 2025-11-04 |
| CVE-2025-8561 | Ova Advent <= 1.1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ova Advent | 6.4 | Medium | 2025-10-15 |
| CVE-2025-27793 | Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace] — vega | 5.4 (AI) | Medium (AI) | 2025-03-27 |
| CVE-2024-8505 | WordPress Infinite Scroll - Ajax Load More <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via button_label Parameter — Ajax Load More – Infinite Scroll, Load More, & Lazy Load | 6.4 | Medium | 2024-10-02 |
| CVE-2024-4459 | Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Titles — Themesflat Addons For Elementor | 6.4 | Medium | 2024-06-06 |
| CVE-2024-2657 | Font Farsi <= 1.6.6 - Authenticated (Administrator+) Stored Cross-Site Scripting — Font Farsi | 4.4 | Medium | 2024-05-30 |
| CVE-2024-2618 | Elementor Header & Footer Builder <= 1.6.26 - Authenticated (Contributor+) Stored Cross-Site Scripting — Ultimate Addons for Elementor | 6.4 | Medium | 2024-05-24 |
| CVE-2024-3666 | Opal Estate Pro – Property Management and Submission <= 1.7.6 - Authenticated (Contributor+) Stored Cross-Site Scripting — Opal Estate Pro – Property Management and Submission | 6.4 | Medium | 2024-05-22 |
| CVE-2024-3519 | Media Library Assistant <= 3.15 - Reflected Cross-Site Scripting via lang — Media Library Assistant | 6.1 | Medium | 2024-05-21 |
| CVE-2024-2750 | Exclusive Addons for Elementor <= 2.6.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Widget — Exclusive Addons for Elementor | 6.4 | Medium | 2024-05-02 |
| CVE-2024-3162 | Jeg Elementor Kit <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonial — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | 6.4 | Medium | 2024-04-03 |
| CVE-2024-25640 | Improper Neutralization of Alternate XSS Syntax in iris-web — iris-web | 4.6 | Medium | 2024-02-19 |
| CVE-2023-6446 | Calculated Fields Form <= 1.2.40 - Authenticated (Admin+) Stored Cross-Site Scripting — Calculated Fields Form | 4.4 | Medium | 2024-01-11 |
| CVE-2023-50712 | Improper Neutralization of Alternate XSS Syntax in iris-web — iris-web | 4.6 | Medium | 2023-12-22 |
| CVE-2023-20208 | Cisco Identity Services Engine security vulnerability — Cisco Identity Services Engine Software | 4.8 | Medium | 2023-11-21 |
| CVE-2023-20188 | Multiple Cisco products cross-site scripting vulnerability — Cisco Small Business Smart and Managed Switches | 4.8 | Medium | 2023-06-28 |
| CVE-2023-35161 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page — xwiki-platform | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35160 | XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template — xwiki-platform | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35159 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template — xwiki-platform | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35158 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template — xwiki-platform | 9.7 | Critical | 2023-06-23 |
| CVE-2023-35156 | XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template — xwiki-platform | 9.7 | Critical | 2023-06-23 |
| CVE-2022-20963 | Cisco Identity Services Engine cross-site scripting vulnerability — Cisco Identity Services Engine Software | 5.4 | Medium | 2022-11-03 |
| CVE-2022-39295 | Improper Neutralization of Alternate XSS Syntax in Knowage-Server — Knowage-Server | 6.1 | Medium | 2022-10-13 |

Vulnerabilities classified as CWE-87 (Improper Neutralization of Alternate XSS Syntax) represent 33 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.