Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-80

CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80

CVE-2024-41752 MEDIUM

IBM Cognos Analytics 11.2.0-11.2.4 and 12.0.0-12.0.3 - HTML Injection

CVE-2024-12127 MEDIUM

Sikshya LMS <0.0.21 - XSS

CVE-2024-54223 MEDIUM

ARForms Form Builder <1.7.1 - Code Injection

CVE-2024-54128 MEDIUM

Directus 10.10.0-10.13.3 and 11.0.0-13.3.0 - HTML Injection via Comment Feature Client-Side Filter Bypass

CVE-2024-54001 MEDIUM

Kanboard - Stored Cross-Site Scripting in Application Settings

CVE-2024-42195 LOW

HCL DevOps Deploy 8.0.0.0-8.0.1.3 and HCL Launch 7.0.0.0-7.0.5.24 - HTML Injection in Web UI

CVE-2024-11479 MEDIUM

Issuetrak 17.1 - Authenticated HTML Injection in Ticket Comments

CVE-2024-52598 HIGH

2fauth < 5.4.1 - Server-Side Request Forgery and URI Validation Bypass via Preview Endpoint

CVE-2024-52597 MEDIUM

2fauth < 5.4.1 - Stored Cross-Site Scripting via SVG Upload

CVE-2024-11404 MEDIUM

django-filer < 3.3.0 - Unrestricted File Upload and Stored Cross-Site Scripting

CVE-2024-10592 MEDIUM

Mapster WP Maps <= 1.6.0 - Authenticated Stored Cross-Site Scripting via Popup Class Parameter

CVE-2024-52300 CRITICAL

XWiki PDF Viewer Macro < 2.5.6 - Stored Cross-Site Scripting via Width Parameter

CVE-2024-10038 MEDIUM

WP-Strava <= 2.12.1 - Authenticated Stored Cross-Site Scripting via Admin Settings

CVE-2024-51689 HIGH

CF7 WOW Styler <= 1.6.8 - Reflected Cross-Site Scripting

CVE-2024-10621 MEDIUM

Simple Shortcode for Google Maps <1.5.4 - XSS

CVE-2024-20504 MEDIUM

Cisco AsyncOS - Authenticated Stored Cross-Site Scripting in Web Management Interface

CVE-2024-51735 HIGH

Osmedeus <= 4.6.4 - Cross-Site Scripting in Workflow Result Report

CVE-2024-49377 MEDIUM

OctoPrint <= 1.10.2 - Reflected Cross-Site Scripting in Login and Application Key Dialogs

CVE-2024-9147 MEDIUM

Bna Informatics PosPratik < 3.2.1 - Cross-Site Scripting via HTTP Query Strings

CVE-2024-50344 MEDIUM

I, Librarian <5.11.2 - Supplemental File Cross-Site Scripting

CVE-2024-9438 MEDIUM

SEUR Oficial <= 2.2.11 - Unauthenticated Reflected Cross-Site Scripting via change_service Parameter

CVE-2024-20382 MEDIUM

Cisco Adaptive Security Appliance Software - Cross-Site Scripting via VPN Web Client Services

CVE-2024-20341 MEDIUM

Cisco Adaptive Security Appliance Software - Unauthenticated Cross-Site Scripting via VPN Web Client Services

CVE-2024-20460 MEDIUM

Cisco ATA 190 Series Firmware < 12.0.2 (ATA 191) / < 11.2.5 (ATA 192) - Unauthenticated Reflected Cross-Site Scripting

CVE-2024-47139 MEDIUM

BIG-IQ Centralized Management - Authenticated Stored Cross-Site Scripting in Configuration Utility

Previous Page 10 of 22 Next

Details

Vulnerabilities 538

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy