Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-80

CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80

CVE-2026-46492 HIGH

md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)

CVE-2026-34033 MEDIUM

Apache Answer: HTML Content Injection in Email

CVE-2026-11511 LOW

Bolt CMS HTML Attribute TextType.php HTML injection

CVE-2026-9646 MEDIUM

ScadaBR Unauthenticated Reflected Cross-Site Scripting

CVE-2026-44839 MEDIUM

RabbitMQ: Unsanitized vhost names allow for XSS in management UI

CVE-2026-39642 MEDIUM

WordPress Nyla theme <= 1.7 - Arbitrary Shortcode Execution vulnerability

CVE-2026-34246 MEDIUM

CtrlPanel: Stored XSS in Admin Role Management via Unescaped DataTable HTML Output

CVE-2026-45346 MEDIUM

Open WebUI: Stored Cross-Site Scripting in SVG Renderer

CVE-2026-44369 HIGH

CVAT: Stored XSS via annotation guides

CVE-2026-44259 MEDIUM

efw4.X: Stored XSS via previewServlet

CVE-2026-41611 HIGH

Visual Studio Code Remote Code Execution Vulnerability

CVE-2026-43939 HIGH

YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers

CVE-2026-43938 HIGH

YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header

CVE-2026-42451 MEDIUM

Grimmory: Stored XSS via Malicious EPUB Enables Session Token Theft

CVE-2026-42030 MEDIUM

MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer

CVE-2026-41575 MEDIUM

th30d4y/IP: DOM-Based Cross-Site Scripting (XSS) Vulnerability

CVE-2026-44264 MEDIUM

Weblate is vulnerable to XSS via crafted Markdown

CVE-2026-6002 HIGH

HTML Injection in DivvyDrive Information Technologies' DivvyDrive

CVE-2026-40875 HIGH

mailcow: dockerized vulnerable to stored XSS in user login history real_rip

CVE-2026-40873 HIGH

mailcow: dockerized vulnerable to stored XSS in Quarantine attachment filenames

CVE-2026-40872 CRITICAL

mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field

CVE-2026-1564 MEDIUM

Pega Platform 8.1.0 to 25.1.1 - UI HTML Injection

CVE-2026-20170 MEDIUM

Cisco Webex Contact Center - Unauthenticated Cross-Site Scripting

CVE-2026-40105 MEDIUM

XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality

CVE-2026-39425 MEDIUM

MaxKB: Stored XSS via Unsanitized html_rander Tags in Markdown Rendering

Page 1 of 22 Next

Details

Vulnerabilities 538

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy