CWE-79 在Web页面生成时对输入的转义处理不恰当(跨站脚本) 类弱点 22584 条 CVE 漏洞汇总,含 AI 中文分析。
CWE-79 即跨站脚本攻击,属于输入验证类漏洞。攻击者通过在网页中注入恶意脚本,利用服务器未正确过滤用户输入的特性,使受害者在浏览器中执行非预期代码,从而窃取会话令牌或篡改页面内容。开发者应避免此类风险,需严格对用户输入进行白名单验证,并在输出到 HTML 时实施上下文相关的编码与转义,确保危险字符被正确中和。
$username = $_GET['username']; echo '<div class="header"> Welcome, ' . $username . '</div>';http://trustedSite.example.com/welcome.php?username=<Script Language="Javascript">alert("You've been attacked!");</Script><% String eid = request.getParameter("eid"); %> ... Employee ID: <%= eid %><% protected System.Web.UI.WebControls.TextBox Login; protected System.Web.UI.WebControls.Label EmployeeID; ... EmployeeID.Text = Login.Text; %> <p><asp:label id="EmployeeID" runat="server" /></p>| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2025-10194 | WordPress plugin Shortcode Button 跨站脚本漏洞 — Shortcode Button | 6.4 | Medium | 2025-10-15 |
| CVE-2025-10141 | WordPress plugin Digiseller 跨站脚本漏洞 — Digiseller | 6.4 | Medium | 2025-10-15 |
| CVE-2025-10140 | WordPress plugin Quick Social Login 跨站脚本漏洞 — Quick Social Login | 6.4 | Medium | 2025-10-15 |
| CVE-2025-10135 | WordPress plugin WP ViewSTL 跨站脚本漏洞 — WP ViewSTL | 6.4 | Medium | 2025-10-15 |
| CVE-2025-10132 | WordPress plugin Dhivehi Text 跨站脚本漏洞 — Dhivehi Text | 6.4 | Medium | 2025-10-15 |
| CVE-2025-10133 | WordPress plugin URLYar URL Shortner 跨站脚本漏洞 — URLYar URL Shortner | 6.4 | Medium | 2025-10-15 |
| CVE-2025-10139 | WordPress plugin WP BookWidgets 跨站脚本漏洞 — WP BookWidgets | 6.4 | Medium | 2025-10-15 |
| CVE-2025-49552 | Adobe Connect 跨站脚本漏洞 — Adobe Connect | 8.1 | High | 2025-10-14 |
| CVE-2025-49553 | Adobe Connect 跨站脚本漏洞 — Adobe Connect | 9.3 | Critical | 2025-10-14 |
| CVE-2025-61797 | Adobe Experience Manager 跨站脚本漏洞 — Adobe Experience Manager | 5.4 | Medium | 2025-10-14 |
| CVE-2025-54272 | Adobe Experience Manager 跨站脚本漏洞 — Adobe Experience Manager | 5.4 | Medium | 2025-10-14 |
| CVE-2025-61796 | Adobe Experience Manager 跨站脚本漏洞 — Adobe Experience Manager | 5.4 | Medium | 2025-10-14 |
| CVE-2025-54266 | Adobe Commerce 跨站脚本漏洞 — Adobe Commerce | 4.8 | Medium | 2025-10-14 |
| CVE-2025-54264 | Adobe Commerce 跨站脚本漏洞 — Adobe Commerce | 8.1 | High | 2025-10-14 |
| CVE-2025-59429 | FreePBX 跨站脚本漏洞 — core | 6.1AI | MediumAI | 2025-10-14 |
| CVE-2025-8459 | Centreon 安全漏洞 — Infra Monitoring | 7.7 | High | 2025-10-14 |
| CVE-2025-8430 | Centreon 安全漏洞 — Infra Monitoring | 6.8 | Medium | 2025-10-14 |
| CVE-2025-8429 | Centreon 安全漏洞 — Infra Monitoring | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54893 | Centreon 安全漏洞 — Infra Monitoring | 6.8 | Medium | 2025-10-14 |
| CVE-2025-62366 | mailgen 跨站脚本漏洞 — mailgen | 6.1AI | MediumAI | 2025-10-14 |
| CVE-2025-31366 | Fortinet多款产品 跨站脚本漏洞 — FortiProxy | 4.5 | Medium | 2025-10-14 |
| CVE-2025-58324 | Fortinet FortiSIEM 跨站脚本漏洞 — FortiSIEM | 6.1 | Medium | 2025-10-14 |
| CVE-2025-54891 | Centreon 安全漏洞 — Infra Monitoring | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54892 | Centreon 安全漏洞 — Infra Monitoring | 6.8 | Medium | 2025-10-14 |
| CVE-2025-54889 | Centreon 安全漏洞 — Infra Monitoring | 6.8 | Medium | 2025-10-14 |
| CVE-2024-44088 | Apache Geode 安全漏洞 — Apache Geode | 6.1AI | MediumAI | 2025-10-14 |
| CVE-2025-8428 | Centreon 安全漏洞 — Infra Monitoring | 6.8 | Medium | 2025-10-14 |
| CVE-2025-7329 | Rockwell Automation Comms-1783-NATR 安全漏洞 — Comms - 1783-NATR | 5.4AI | MediumAI | 2025-10-14 |
| CVE-2025-40772 | Siemens SiPass integrated 跨站脚本漏洞 — SiPass integrated | 7.4 | High | 2025-10-14 |
| CVE-2025-62365 | LibreNMS 跨站脚本漏洞 — librenms | 6.1AI | MediumAI | 2025-10-13 |
CWE-79(在Web页面生成时对输入的转义处理不恰当(跨站脚本)) 是常见的弱点类别,本平台收录该类弱点关联的 22584 条 CVE 漏洞。