CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80
CVE-2023-3971 HIGH
Ansible Automation Controller - HTML Injection in User Interface Settings
CVSS 7.3
CVE-2023-20179 MEDIUM
Cisco Catalyst SD-WAN Manager - XSS
CVSS 4.3
CVE-2023-42458 LOW
Zope < 4.8.10 - Stored Cross-Site Scripting via SVG Image Upload
CVSS 3.7
CVE-2023-41048 LOW
plone.namedfile < 5.6.1 - Stored Cross-Site Scripting via SVG Image Scales
CVSS 3.7
CVE-2023-4663 MEDIUM
Saphira Connect < 9 - Reflected Cross-Site Scripting
CVSS 6.1
CVE-2023-3481 MEDIUM
Critters 0.0.17-0.0.19 - Cross-Site Scripting in HTML Parser
CVSS 5.7
CVE-2023-20222 MEDIUM
Cisco Prime Infrastructure and Evolved Programmable Network Manager - Unauthenticated Stored Cross-Site Scripting
CVSS 4.8
CVE-2023-20228 MEDIUM
Cisco Integrated Management Controller 3.2-3.2.15.1 and 4.2-4.3.2.230207 - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2023-39217 MEDIUM
Zoom Meeting SDK < 5.14.10 - Unauthenticated Denial of Service via Network Access
CVSS 5.3
CVE-2023-39216 CRITICAL
Zoom Desktop Client < 5.14.7 - Privilege Escalation
CVSS 9.6
CVE-2023-20218 MEDIUM
Cisco SPA500 Series ATAs - Authenticated Stored Cross-Site Scripting
CVSS 5.8
CVE-2023-20181 MEDIUM
Cisco Small Business SPA500 Series IP Phones - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2023-23548 MEDIUM
Checkmk < 2.2.0p8, < 2.1.0p32, < 2.0.0p38, <= 1.6.0p30 - Reflected Cross-Site Scripting in Business Intelligence
CVSS 5.4
CVE-2023-24497 MEDIUM
Milesight VPN 2.0.2 - Cross-Site Scripting via Remote Subnet Field
CVSS 4.7
CVE-2023-24496 MEDIUM
Milesight VPN 2.0.2 - Cross-Site Scripting via Name Field in detail_device Request Handler
CVSS 4.7
CVE-2023-35157 HIGH
XWiki Platform < 14.10.6 - Cross-Site Scripting via Delete Attachment Action
CVSS 8.4
CVE-2023-35153 CRITICAL
XWiki 5.4.4-14.4.7 - Stored Cross-Site Scripting via AppWithinMinutes.FormFieldCategoryClass Page Title
CVSS 9.0
CVE-2023-3017 LOW
SourceCodester Lost and Found Information System 1.0 - XSS
CVSS 2.4
CVE-2023-2981 LOW
Pydio Cells 4.2.0 - Cross-Site Scripting in Chat Component
CVSS 3.5
CVE-2023-33196 MEDIUM
Craft CMS 4.0.1-4.4.6 - Cross-Site Scripting via Review Volumes
CVSS 5.5
CVE-2023-33194 LOW
Craft CMS 3.0.0-3.8.5 and 4.0.0-RC1-4.4.5 - Stored Cross-Site Scripting in Quick Post Validation Error Message
CVSS 3.7
CVE-2023-33197 MEDIUM
Craft CMS < 4.4.6 - Cross-Site Scripting via Update Asset Index Utility
CVSS 5.5
CVE-2023-30615 MEDIUM
dfir-iris/iris < 2.2.1 - Authenticated Stored Cross-Site Scripting
CVSS 6.3
CVE-2023-0007 MEDIUM
PAN-OS 8.1.0-8.1.24 - Authenticated Stored Cross-Site Scripting in Web Interface
CVSS 6.5
CVE-2023-25833 MEDIUM
Esri Portal for ArcGIS < 11.0 - Authenticated HTML Injection via Crafted Link
CVSS 5.4