Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-80

CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80

CVE-2024-33831 HIGH

yapi 1.10.2 - Stored Cross-Site Scripting in Advanced Expectation Response Body Field

CVE-2024-32875 MEDIUM

Hugo 0.123.0-0.125.2 - Cross-Site Scripting in Markdown Title Arguments

CVE-2024-27306 MEDIUM

aiohttp < 3.9.4 - Cross-Site Scripting in Static File Index Pages

CVE-2024-32472 MEDIUM

excalidraw 0.16.0-0.16.3 and 0.17.0-0.17.5 - Stored Cross-Site Scripting via iframe srcdoc and Attribute Injection

CVE-2024-32746 MEDIUM

WonderCMS 3.4.3 - Stored Cross-Site Scripting via Menu Parameter

CVE-2024-32489 MEDIUM

TCPDF < 6.7.4 - Cross-Site Scripting via HTML Syntax Mishandling

CVE-2024-2380 MEDIUM

Checkmk < 2.3.0b4 - Stored Cross-Site Scripting in Graph Rendering

CVE-2024-25690 MEDIUM

Esri Portal for ArcGIS < 11.1 - Unauthenticated HTML Injection via Crafted Link

CVE-2024-20362 MEDIUM

Cisco Small Business RV016-325 - XSS

CVE-2024-31062 MEDIUM

insurance_management_system < 1.0 - Stored Cross-Site Scripting via Street Input Field

CVE-2024-28108 MEDIUM

phpmyfaq 3.2.5 - Unauthenticated Stored Cross-Site Scripting via ContentLink Parameter

CVE-2024-1606 MEDIUM

BMC Control-M 9.0.20-9.0.20.237 and 9.0.21-9.0.21.199 - Authenticated Cross-Site Scripting

CVE-2024-28417 MEDIUM

Webedition CMS 9.2.2.0 - Stored Cross-Site Scripting via we_cmd.php

CVE-2024-26282 HIGH

Firefox for iOS < 123.0 - Cross-Site Scripting via AMP URL Canonical Element

CVE-2024-25873 MEDIUM

Enhavo 0.13.1 - Cross-Site Scripting in Blockquote Author Text Field

CVE-2024-26482 HIGH

Kirby CMS 4.1.0 - HTML Injection in Edit Content Layout Module

CVE-2024-24812 MEDIUM

frappe < 14.59.0 - Cross-Site Scripting via Portal Pages

CVE-2024-24807 LOW

Sulu 2.0.0-2.4.15 - Authenticated Stored Cross-Site Scripting in Tag Name Autocomplete

CVE-2024-24574 MEDIUM

phpMyFAQ < 3.2.5 - Cross-Site Scripting via Unsafe Filename Echo in Attachments Admin

CVE-2024-24571 MEDIUM

facilemanager < 4.5.1 - Stored Cross-Site Scripting via Input Fields

CVE-2024-23841 HIGH

apollo-client-nextjs < 0.7.0 - Cross-Site Scripting via Malicious GraphQL Input

CVE-2024-23817 HIGH

Dolibarr 18.0.4 - HTML Injection in Home Page

CVE-2024-0183 LOW

RRJ Nueva Ecija Engineer Online Portal 1.0 - Cross-Site Scripting in /admin/students.php

CVE-2023-38007 MEDIUM

IBM Cloud Pak System 2.3.3.6-2.3.5.0 - Cross-Site Scripting

CVE-2023-51308 MEDIUM

PHPJabbers Car Park Booking System v3.0 - XSS

Previous Page 13 of 22 Next

Details

Vulnerabilities 538

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy