Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-80

CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80

CVE-2023-1384 MEDIUM

Amazon Fire OS < 6.2.9.5 - Cross-Site Scripting via setMediaSource Function

CVE-2023-22309 MEDIUM

Tribe29 Checkmk Appliance <1.6.4 - XSS

CVE-2023-29508 HIGH

XWiki < 13.10.11 - Stored Cross-Site Scripting via Live Data Macro

CVE-2023-29112 LOW

SAP Application Interface (Message Monitoring) -600,700 - XSS

CVE-2023-29110 LOW

SAP ABAP Platform - Cross-Site Scripting via HTML Tag Injection

CVE-2023-28851 MEDIUM

Silverstripe Form Capture <3.1.1 - XSS

CVE-2023-1013 MEDIUM

Vira-Investing < 1.0.84.86 - Cross-Site Scripting

CVE-2023-26047 MEDIUM

kitabisa/teler-waf < 0.2.0 - Cross-Site Scripting via Hex Entity Bypass

CVE-2023-26046 MEDIUM

kitabisa/teler-waf < 0.1.1 - Cross-Site Scripting via HTML Entity Bypass

CVE-2023-22464 MEDIUM

ViewVC < 1.1.30 and < 1.2.3 - Authenticated Cross-Site Scripting via Unsafe Filename Rendering

CVE-2023-22461 HIGH

sanitize-svg < 0.4.0 - Cross-Site Scripting via Incomplete Deny-List Pattern

CVE-2022-20654 MEDIUM

Cisco Webex Meetings - Unauthenticated Stored Cross-Site Scripting

CVE-2022-38055 MEDIUM

wpForo Forum < 2.0.9 - Cross-Site Scripting

CVE-2022-35850 MEDIUM

FortiAuthenticator 6.1.0-6.3.3 - Unauthenticated Reflected Cross-Site Scripting via Reset-Password Page

CVE-2022-1274 MEDIUM

Keycloak < 20.0.5 - Cross-Site Scripting via Execute-Actions-Email Endpoint

CVE-2022-38210 MEDIUM

Esri Portal for ArcGIS <10.9.1 - XSS

CVE-2022-23543 MEDIUM

silverwaregames < 1.1.34 - Stored Cross-Site Scripting via Custom HTML Attributes in YouTube Iframe

CVE-2022-28703 MEDIUM

Lansweeper 10.1.1.0 - Stored Cross-Site Scripting in HdConfigActions.aspx altertextlanguages

CVE-2022-46350 MEDIUM

SCALANCE X204RNA - XSS

CVE-2022-39372 LOW

GLPI 0.70-10.0.3 - Authenticated Stored Cross-Site Scripting in Account Information

CVE-2022-39371 HIGH

GLPI 10.0.0-10.0.3 - Stored Cross-Site Scripting in Assets Inventory Information

CVE-2022-39277 MEDIUM

GLPI 0.60-10.0.3 - Cross-Site Scripting via External Link Sanitization Bypass

CVE-2022-3844 LOW

Webmin 2.001 - Cross-Site Scripting in xterm/index.cgi

CVE-2022-39348 MEDIUM

Twisted 0.9.4-22.10.0rc1 - Cross-Site Scripting via Host Header in NameVirtualHost

CVE-2022-39301 HIGH

sra-admin < 1.1.1 - Authenticated Stored Cross-Site Scripting via Profile Picture Upload

Previous Page 16 of 22 Next

Details

Vulnerabilities 538

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy