Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-80

CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80

CVE-2023-47869 MEDIUM

wpForo Forum <= 2.2.5 - Cross-Site Scripting

CVE-2023-32193 HIGH

rancher/norman <0.0.0-20240207153100-3bb70b772b52 - Unauthenticated Cross-Site Scripting via Public API Endpoint

CVE-2023-32192 HIGH

rancher/apiserver < 0.0.0-20240207153957-4fd7d821d952 - Unauthenticated Cross-Site Scripting via Public API Endpoint

CVE-2023-35006 MEDIUM

IBM Security QRadar EDR 3.12 - HTML Injection

CVE-2023-49852 MEDIUM

Vsourz Digital Responsive Slick Slider WordPress - Basic XSS

CVE-2023-48285 MEDIUM

Tips and Tricks HQ Stripe Payments <2.0.79 - XSS

CVE-2023-47513 MEDIUM

ARI Stream Quiz < 1.3.2 - Cross-Site Scripting

CVE-2023-46310 MEDIUM

gVectors Team wpDiscuz <7.6.10 - Basic XSS

CVE-2023-45635 MEDIUM

WP Darko Responsive Tabs <4.0.6 - Basic XSS

CVE-2023-45053 MEDIUM

pluginever WP Content Pilot - Basic XSS

CVE-2023-40557 MEDIUM

PickPlugins Tabs & Accordion <1.3.10 - Basic XSS

CVE-2023-39161 MEDIUM

WP Discussion Board Discussion Board < 2.4.8 - Cross-Site Scripting

CVE-2023-23735 MEDIUM

Brainstorm Force Spectra <= 2.3.0 - Unauthenticated Email HTML Injection

CVE-2023-48763 MEDIUM

Crocoblock JetFormBuilder <3.1.4 - Basic XSS

CVE-2023-44396 MEDIUM

iTop < 2.7.1 - Cross-Site Scripting via Dashlet Edit AJAX Endpoint

CVE-2023-43790 MEDIUM

iTop 3.1.0 - Cross-Site Scripting via Object Friendlyname Field

CVE-2023-50933 MEDIUM

IBM PowerSC 1.3, 2.0, and 2.1 - HTML Injection

CVE-2023-5933 MEDIUM

GitLab 13.7-16.6.5, 16.7-16.7.3, 16.8 - Cross-Site Scripting via User Name Input

CVE-2023-20257 MEDIUM

Cisco Prime Infrastructure and Evolved Programmable Network Manager - Authenticated Stored Cross-Site Scripting

CVE-2023-46722 MEDIUM

Pimcore Admin Classic Bundle <1.2.0 - XSS

CVE-2023-46235 MEDIUM

fogproject < 1.5.10.15 - Stored Cross-Site Scripting via Log File Display

CVE-2023-5582 LOW

ZZZCMS 2.2.0 - Cross-Site Scripting in Personal Profile Page

CVE-2023-34354 LOW

Peplink Surf SOHO Firmware - Authenticated Stored Cross-Site Scripting via upload_brand.cgi

CVE-2023-36555 LOW

FortiOS 7.2.0-7.2.4 - Cross-Site Scripting via SAML and Security Fabric Components

CVE-2023-44393 CRITICAL

Piwigo < 14.0.0beta4 - Reflected Cross-Site Scripting via plugin_id Parameter

Previous Page 14 of 22 Next

Details

Vulnerabilities 538

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy