CWE-80
High likelihood
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
538 vulnerabilities with CWE-80
CVE-2024-28831
MEDIUM
Checkmk < 2.2.0 - Stored Cross-Site Scripting in Confirmation Pop-ups
CVSS 5.4
CVE-2024-37732
MEDIUM
Anchor CMS 0.12.7 - Cross-Site Scripting via Crafted PDF File
CVSS 6.1
CVE-2024-6251
LOW
playSMS 1.4.3 - Cross-Site Scripting via Phonebook List Name/Email Parameter
CVSS 2.4
CVE-2024-6183
MEDIUM
EZ-Suite EZ-Partner 5 - Cross-Site Scripting in Forgot Password Handler
CVSS 4.3
CVE-2024-6108
MEDIUM
Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05 - XSS
CVSS 4.3
CVE-2024-38469
MEDIUM
ibarn v1.5 - Reflected Cross-Site Scripting via $search Parameter
CVSS 6.3
CVE-2024-5741
MEDIUM
Checkmk < 2.3.0p7, < 2.2.0p28, < 2.1.0p45 - Stored Cross-Site Scripting in Inventory Tree Rendering
CVSS 6.5
CVE-2024-36395
MEDIUM
Verint Workforce Optimization - Cross-Site Scripting
CVSS 6.1
CVE-2024-37297
MEDIUM
WooCommerce 8.8.0-8.8.5 - Cross-Site Scripting via Order Attribution URL Parameter
CVSS 5.4
CVE-2024-5851
LOW
playSMS <= 1.4.7 - Cross-Site Scripting via SMS Schedule Handler Name/Message Parameter
CVSS 3.5
CVE-2024-37166
HIGH
ghtml < 2.0.0 - Cross-Site Scripting via Tagged Template Injection
CVSS 8.9
CVE-2024-35680
MEDIUM
YITH WooCommerce Product Add-Ons <= 4.9.2 - Cross-Site Scripting
CVSS 5.3
CVE-2024-37156
MEDIUM
SuluFormBundle 2.0.0-2.5.2 - Cross-Site Scripting via TokenController formName Parameter
CVSS 6.1
CVE-2024-32464
MEDIUM
Action Text <7.1.3.4,7.2.0.beta2 - XSS
CVSS 6.1
CVE-2024-35224
HIGH
OpenProject < 13.4.2 - Authenticated Stored Cross-Site Scripting via Cost Report Table Header
CVSS 7.6
CVE-2024-4214
LOW
Bill Minozzi Car Dealer <4.15 - XSS
CVSS 2.7
CVE-2024-32790
MEDIUM
Supsystic Pricing Table <1.9.12 - XSS
CVSS 4.3
CVE-2024-24874
MEDIUM
CP Polls <= 1.0.71 - Cross-Site Scripting
CVSS 5.3
CVE-2024-23522
MEDIUM
Formidable Forms < 6.7 - Stored Cross-Site Scripting
CVSS 5.3
CVE-2024-34699
MEDIUM
GZCTF < 0.20.1 - Stored Cross-Site Scripting via Team Name
CVSS 6.5
CVE-2024-34070
CRITICAL
Froxlor < 2.1.9 - Unauthenticated Stored Cross-Site Scripting via Login Name Parameter
CVSS 9.6
CVE-2024-34507
HIGH
MediaWiki <1.39.7, <1.40.3, <1.41.1 - XSS
CVSS 7.4
CVE-2024-4439
HIGH
WordPress 6.0-6.5.2 - Stored Cross-Site Scripting via Avatar Block Display Name
CVSS 7.2
CVE-2024-33423
HIGH
CMSimple 5.15 - Stored Cross-Site Scripting via Logout Parameter in Settings Menu
CVSS 7.4
CVE-2024-32966
MEDIUM
static-web-server < 2.30.0 - Stored Cross-Site Scripting via Directory Listing
CVSS 5.8
Details
Vulnerabilities: 538
Exploit Likelihood: High