CWE-79 在Web页面生成时对输入的转义处理不恰当(跨站脚本) 类弱点 22721 条 CVE 漏洞汇总,含 AI 中文分析。
CWE-79 即跨站脚本攻击,属于输入验证类漏洞。攻击者通过在网页中注入恶意脚本,利用服务器未正确过滤用户输入的特性,使受害者在浏览器中执行非预期代码,从而窃取会话令牌或篡改页面内容。开发者应避免此类风险,需严格对用户输入进行白名单验证,并在输出到 HTML 时实施上下文相关的编码与转义,确保危险字符被正确中和。
$username = $_GET['username']; echo '<div class="header"> Welcome, ' . $username . '</div>';http://trustedSite.example.com/welcome.php?username=<Script Language="Javascript">alert("You've been attacked!");</Script><% String eid = request.getParameter("eid"); %> ... Employee ID: <%= eid %><% protected System.Web.UI.WebControls.TextBox Login; protected System.Web.UI.WebControls.Label EmployeeID; ... EmployeeID.Text = Login.Text; %> <p><asp:label id="EmployeeID" runat="server" /></p>| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2025-62412 | LibreNMS 安全漏洞 — librenms | 3.8 | Low | 2025-10-16 |
| CVE-2025-62411 | LibreNMS 安全漏洞 — librenms | 5.5 | Medium | 2025-10-16 |
| CVE-2025-11851 | Apeman ID71 代码注入漏洞 — ID71 | 3.5 | Low | 2025-10-16 |
| CVE-2025-55072 | NEOJAPAN desknets NEO 跨站脚本漏洞 — desknet's NEO | 5.4AI | MediumAI | 2025-10-16 |
| CVE-2025-54859 | Desknets Neo 跨站脚本漏洞 — desknet's NEO | 5.4AI | MediumAI | 2025-10-16 |
| CVE-2025-54760 | Desknets Neo 跨站脚本漏洞 — desknet's NEO | 5.4AI | MediumAI | 2025-10-16 |
| CVE-2025-52583 | NEOJAPAN desknets Web Server 跨站脚本漏洞 — desknet's Web Server | 6.1AI | MediumAI | 2025-10-16 |
| CVE-2025-24833 | Desknets Neo 跨站脚本漏洞 — desknet's NEO | 5.4AI | MediumAI | 2025-10-16 |
| CVE-2025-58115 | ChatLuck 跨站脚本漏洞 — ChatLuck | 6.1AI | MediumAI | 2025-10-16 |
| CVE-2025-53858 | ChatLuck 跨站脚本漏洞 — ChatLuck | 5.4AI | MediumAI | 2025-10-16 |
| CVE-2025-41021 | Sergestec Exito 跨站脚本漏洞 — SISTICK | 5.4AI | MediumAI | 2025-10-16 |
| CVE-2025-11814 | WordPress plugin Ultimate Addons for WPBakery 跨站脚本漏洞 — Ultimate Addons for WPBakery | 6.4 | Medium | 2025-10-16 |
| CVE-2025-62380 | mailgen 跨站脚本漏洞 — mailgen | 7.2AI | HighAI | 2025-10-15 |
| CVE-2025-20351 | Cisco SIP Software 跨站脚本漏洞 — Cisco Session Initiation Protocol (SIP) Software | 6.1 | Medium | 2025-10-15 |
| CVE-2025-61933 | F5 BIG-IP 跨站脚本漏洞 — BIG-IP | 6.1 | Medium | 2025-10-15 |
| CVE-2025-59269 | F5 BIG-IP 跨站脚本漏洞 — BIG-IP | 6.1 | Medium | 2025-10-15 |
| CVE-2025-10869 | Oct8ne Chatbot 跨站脚本漏洞 — Chatbot | 5.4AI | MediumAI | 2025-10-15 |
| CVE-2025-10194 | WordPress plugin Shortcode Button 跨站脚本漏洞 — Shortcode Button | 6.4 | Medium | 2025-10-15 |
| CVE-2025-10141 | WordPress plugin Digiseller 跨站脚本漏洞 — Digiseller | 6.4 | Medium | 2025-10-15 |
| CVE-2025-10140 | WordPress plugin Quick Social Login 跨站脚本漏洞 — Quick Social Login | 6.4 | Medium | 2025-10-15 |
| CVE-2025-10135 | WordPress plugin WP ViewSTL 跨站脚本漏洞 — WP ViewSTL | 6.4 | Medium | 2025-10-15 |
| CVE-2025-10132 | WordPress plugin Dhivehi Text 跨站脚本漏洞 — Dhivehi Text | 6.4 | Medium | 2025-10-15 |
| CVE-2025-10133 | WordPress plugin URLYar URL Shortner 跨站脚本漏洞 — URLYar URL Shortner | 6.4 | Medium | 2025-10-15 |
| CVE-2025-10139 | WordPress plugin WP BookWidgets 跨站脚本漏洞 — WP BookWidgets | 6.4 | Medium | 2025-10-15 |
| CVE-2025-49552 | Adobe Connect 跨站脚本漏洞 — Adobe Connect | 8.1 | High | 2025-10-14 |
| CVE-2025-49553 | Adobe Connect 跨站脚本漏洞 — Adobe Connect | 9.3 | Critical | 2025-10-14 |
| CVE-2025-61797 | Adobe Experience Manager 跨站脚本漏洞 — Adobe Experience Manager | 5.4 | Medium | 2025-10-14 |
| CVE-2025-54272 | Adobe Experience Manager 跨站脚本漏洞 — Adobe Experience Manager | 5.4 | Medium | 2025-10-14 |
| CVE-2025-61796 | Adobe Experience Manager 跨站脚本漏洞 — Adobe Experience Manager | 5.4 | Medium | 2025-10-14 |
| CVE-2025-54266 | Adobe Commerce 跨站脚本漏洞 — Adobe Commerce | 4.8 | Medium | 2025-10-14 |
CWE-79(在Web页面生成时对输入的转义处理不恰当(跨站脚本)) 是常见的弱点类别,本平台收录该类弱点关联的 22721 条 CVE 漏洞。