Search

Blog Stats Labs CLI MCP API Limits About Privacy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Blog Statistics Labs CLI Tool MCP Server API Documentation Rate Limits About Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-80

CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

485 vulnerabilities with CWE-80

Chamilo <1.11.34 - Stored XSS

CVE-2026-20070 MEDIUM

Cisco ASA/FTD - XSS

CVE-2025-52564 MEDIUM

Chamilo <1.11.30 - XSS

CVE-2025-52563 MEDIUM

Chamilo <1.11.30 - XSS

CVE-2026-28132 MEDIUM

WooCommerce Photo Reviews <=1.4.4 - XSS

CVE-2026-27578 MEDIUM

n8n <2.10.1/2.9.3/1.123.22 - XSS

CVE-2026-27116 MEDIUM

Vikunja <2.0.0 - XSS

CVE-2026-27458 MEDIUM

LinkAce <=2.4.2 - Stored XSS

CVE-2026-25006 MEDIUM

8theme XStore <=9.6.4 - XSS

CVE-2026-22422 MEDIUM

Everest Forms <=3.4.1 - XSS

CVE-2025-14289 MEDIUM

IBM webMethods Integration Server 12.0 - XSS

CVE-2026-25935 MEDIUM

Code.vikunja.io API - Basic XSS

CVE-2026-1282 LOW

Gitlab < 18.6.6 - Basic XSS

CVE-2025-12803 MEDIUM

Bold Page Builder <5.5.1 - XSS

CVE-2026-25764 LOW

Openproject < 16.6.7 - Basic XSS

CVE-2026-22254 NONE

Winter Wn-cms-module < 1.2.10 - Basic XSS

CVE-2026-25578 MEDIUM

Navidrome < 0.60.0 - Basic XSS

CVE-2026-25054 MEDIUM

N8n < 1.123.9 - Basic XSS

CVE-2025-65924 MEDIUM

ERPNext <15.88.1 - XSS

CVE-2025-45160 MEDIUM

Cacti <=1.2.29 - HTML Injection

CVE-2026-24128 MEDIUM

XWiki Platform <17.7.0 - XSS

CVE-2026-24564 MEDIUM

Israpil Textmetrics <3.6.3 - Code Injection

CVE-2026-22469 MEDIUM

mwtemplates <1.0.2 - XSS

CVE-2025-47600 MEDIUM

xtemos WoodMart <=8.3.7 - Code Injection

CVE-2025-36397 MEDIUM

IBM Application Gateway < 25.09 - Basic XSS

Page 1 of 20 Next

Details

Vulnerabilities 485

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy