Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-80

CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80

CVE-2024-47815 MEDIUM

IncidentReporting - Authenticated Cross-Site Scripting

CVE-2024-47812 MEDIUM

ImportDump - Stored Cross-Site Scripting in Special:RequestImportQueue Date Messages

CVE-2024-47782 HIGH

WikiDiscover < 2024-10-06 - Stored Cross-Site Scripting in Special:WikiDiscover Page

CVE-2024-38039 MEDIUM

Esri Portal for ArcGIS <=11.0 - XSS

CVE-2024-47765 MEDIUM

jgniecki/minecraft_motd_parser < 1.0.6 - Cross-Site Scripting via Malformed MOTD Color and Text Properties

CVE-2024-47612 LOW

DataDump < 601688ee8e8808a23b102fa305b178f27cbd226d - Stored Cross-Site Scripting via Unescaped Interface Messages

CVE-2024-8981 HIGH

Broken Link Checker <= 2.4.0 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg

CVE-2024-47536 MEDIUM

starcitizen.tools/citizen < 2.31.0 - Stored Cross-Site Scripting via Real Name Field

CVE-2024-8872 MEDIUM

Store Hours for WooCommerce < 4.3.20 - Unauthenticated Reflected Cross-Site Scripting via add_query_arg

CVE-2024-8680 MEDIUM

MC4WP: Mailchimp for WordPress <4.9.16 - XSS

CVE-2024-2010 MEDIUM

Tebilisim V5 < 6.2 - Basic XSS

CVE-2024-45406 MEDIUM

Craft CMS 5.0.0-5.1.1 - Stored Cross-Site Scripting in Breadcrumb List and Title Fields

CVE-2024-38859 MEDIUM

Checkmk < 2.3.0p14, < 2.2.0p33, < 2.1.0p47 - Stored Cross-Site Scripting in SLA Column Title

CVE-2024-8145 LOW

ClassCMS 4.8 - Cross-Site Scripting via Article Title Parameter

CVE-2024-7629 MEDIUM

Responsive video < 1.0 - Authenticated Stored Cross-Site Scripting via Video Settings Function

CVE-2024-41697 MEDIUM

Priority < 24.0 - Cross-Site Scripting

CVE-2024-41947 CRITICAL

XWiki 11.8-15.10.7 - Stored Cross-Site Scripting via Edit Conflict

CVE-2024-41693 MEDIUM

Mashov < 3.8.46 - Cross-Site Scripting

CVE-2024-41810 MEDIUM

twisted < 24.7.0rc1 - Reflected Cross-Site Scripting via redirectTo Function

CVE-2024-32484 HIGH

Anki 24.04 - Reflected Cross-Site Scripting via Invalid Path Handling

CVE-2024-25639 MEDIUM

khoj < 1.13.0 - Cross-Site Scripting via AI Model Response and User Input

CVE-2024-27716 MEDIUM

Eskooly Web Product < 3.0 - Cross-Site Scripting via Message Sending and User Input Fields

CVE-2024-22277 MEDIUM

VMware Cloud Director Availability - XSS

CVE-2024-6052 MEDIUM

checkmk < 2.3.0p8, 2.2.0p29, 2.1.0p45 - Stored Cross-Site Scripting via HTML Element Injection

CVE-2024-28832 MEDIUM

Checkmk < 2.3.0p7, < 2.2.0p28, < 2.1.0p45 - Stored Cross-Site Scripting in Crash Report Page

Previous Page 11 of 22 Next

Details

Vulnerabilities 538

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy