Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-80

CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80

CVE-2022-39240 MEDIUM

mygraph < 1.0.4 - Stored Cross-Site Scripting

CVE-2022-36097 HIGH

XWiki Platform Attachment UI 14.0-rc-1-14.3 - Stored Cross-Site Scripting via Attachment Name

CVE-2022-36096 HIGH

XWiki Platform Index UI < 13.10.6 - Stored Cross-Site Scripting via Deleted Attachments Index

CVE-2022-36094 HIGH

XWiki Platform <13.10.6 & <14.30-rc-1 - XSS

CVE-2022-36057 MEDIUM

discourse-chat < 0.9 - Cross-Site Scripting via Chat Title and Description

CVE-2022-35278 MEDIUM

Apache ActiveMQ Artemis < 2.24.0 - Cross-Site Scripting via Address or Queue Name

CVE-2022-36325 MEDIUM

Siemens SCALANCE - DOM-based XSS via Web Interface

CVE-2022-1293 MEDIUM

Thales Citadel < 7.1.2 - Cross-Site Scripting via Script Tag Neutralization Bypass

CVE-2022-20916 MEDIUM

Cisco IoT Control Center - Unauthenticated Stored Cross-Site Scripting

CVE-2022-29168 CRITICAL

wire-webapp - Stored Cross-Site Scripting via @mentions Rendering

CVE-2022-29258 HIGH

XWiki Platform <12.10.11-14.0-rc-1-13.4.7-13.10.3 - XSS

CVE-2022-20765 MEDIUM

Cisco UCS Director < 6.6 - Authenticated Cross-Site Scripting via User Input

CVE-2022-29252 HIGH

XWiki Platform Wiki UI Main Wiki <5.3-milestone-2 - XSS

CVE-2022-29251 HIGH

XWiki Platform Flamingo Theme UI <12.10.11,14.0-rc-1,13.4.7,13.10.3...

CVE-2022-21238 MEDIUM

InRouter302 Firmware < 3.5.37 - Cross-Site Scripting in info.jsp

CVE-2022-20740 MEDIUM

Cisco Firepower Management Center - XSS

CVE-2022-21145 MEDIUM

Lansweeper 9.1.20.2 - Stored Cross-Site Scripting in WebUserActions.aspx

CVE-2022-25756 MEDIUM

Siemens SCALANCE X Series < 4.1.4 - Cross-Site Scripting via Integrated Web Server

CVE-2022-0989 HIGH

NS WooCommerce Watermark < 2.11.3 - Unauthenticated Cross-Site Scripting via Image Loading

CVE-2022-28648 MEDIUM

JetBrains YouTrack <2022.1.43563 - XSS

CVE-2022-25620 LOW

SambaBox < 4.0 - Authenticated Cross-Site Scripting in Group Functionality

CVE-2022-1002 LOW

Mattermost < 6.4.0 - Cross-Site Scripting via Guest User Email Invitation

CVE-2022-24749 MEDIUM

Sylius <1.9.10, <1.10.11, <1.11.2 - XSS

CVE-2021-47948 MEDIUM

WordPress GetPaid Plugin 2.4.6 HTML Injection via Help Text

CVE-2021-27915 HIGH

Mautic < 4.4.12 - Authenticated Stored Cross-Site Scripting in Description Fields

Previous Page 17 of 22 Next

Details

Vulnerabilities 538

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy