CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80
CVE-2021-44197 MEDIUM
UBIT Student Information Management System < 20211126 - Cross-Site Scripting
CVSS 6.1
CVE-2021-44196 MEDIUM
UBIT Student Information Management System < 20211126 - Cross-Site Scripting
CVSS 6.1
CVE-2021-37195 MEDIUM
Siemens COMOS V10.2; V10.3 < 10.3.3.3; V10.4 < 10.4.1 - Stored Cross-Site Scripting via Task Attachment
CVSS 6.1
CVE-2021-43862 LOW
jQuery Terminal Emulator <2.31.1 - XSS
CVSS 3.7
CVE-2021-39348 MEDIUM
LearnPress <= 4.1.3.1 - Authenticated Stored Cross-Site Scripting via Custom Profile Parameter
CVSS 5.5
CVE-2021-32735 HIGH
Kirby 3.5.5-3.5.6 - Cross-Site Scripting in Panel ListItem Component
CVSS 7.1
CVE-2021-28803 MEDIUM
QNAP Q'center < 1.11.1004 - Cross-Site Scripting
CVSS 5.4
CVE-2021-32719 LOW
RabbitMQ < 3.8.18 - Authenticated Stored Cross-Site Scripting in Federation Link Consumer Tag
CVSS 3.1
CVE-2021-32718 LOW
RabbitMQ < 3.8.17 - Authenticated Stored Cross-Site Scripting via User Management UI
CVSS 3.1
CVE-2021-29503 HIGH
HedgeDoc < 1.8.2 - Cross-Site Scripting via YAML Metadata in Note Open Graph Section
CVSS 8.1
CVE-2021-29467 MEDIUM
wrongthink < 2.4.1 - Stored Cross-Site Scripting via Fingerprint Check
CVSS 6.1
CVE-2021-29438 MEDIUM
Nextcloud Dialogs < 3.1.2 - Cross-Site Scripting via Toast Input
CVSS 4.6
CVE-2021-1420 MEDIUM
Cisco Webex Meetings - Unauthenticated Stored Cross-Site Scripting via Parameter Injection
CVSS 4.7
CVE-2021-1351 MEDIUM
Cisco Webex Meetings - Unauthenticated Stored Cross-Site Scripting
CVSS 6.1
CVE-2020-26067 MEDIUM
Cisco Webex Teams - Authenticated Stored Cross-Site Scripting via Username
CVSS 5.4
CVE-2020-36544 LOW
SialWeb CMS - Cross-Site Scripting in Search Handler
CVSS 3.5
CVE-2020-36196 MEDIUM
QuLog Center < 1.2.0 - Stored Cross-Site Scripting
CVSS 6.1
CVE-2020-2502 MEDIUM
QNAP Photo Station < 6.0.11 - Cross-Site Scripting
CVSS 6.1
CVE-2020-13564 MEDIUM
phpGACL 3.3.7 - Cross-Site Scripting via Template acl_id Parameter
CVSS 6.1
CVE-2020-13563 MEDIUM
phpGACL 3.3.7 - Cross-Site Scripting via Template Group ID Parameter
CVSS 6.1
CVE-2020-13562 MEDIUM
phpGACL 3.3.7 - Cross-Site Scripting via Template Action Parameter
CVSS 6.1
CVE-2020-2503 CRITICAL
QNAP QES < 2.1.1 - Stored Cross-Site Scripting in File Station
CVSS 9.0
CVE-2020-2498 MEDIUM
QNAP QTS and QuTS hero - Stored Cross-Site Scripting in Certificate Configuration
CVSS 6.1
CVE-2020-2497 MEDIUM
QNAP QTS and QuTS hero - Stored Cross-Site Scripting in System Connection Logs
CVSS 6.1
CVE-2020-2496 MEDIUM
QNAP QTS and QuTS hero - Cross-Site Scripting in File Station
CVSS 6.1
Details
Vulnerabilities 538
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits