CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80
CVE-2020-2495 MEDIUM
QNAP QTS and QuTS hero - Cross-Site Scripting in File Station
CVSS 6.1
CVE-2020-2494 MEDIUM
QNAP Music Station < 5.3.13 - Cross-Site Scripting
CVSS 6.1
CVE-2020-2493 MEDIUM
QNAP Multimedia Console < 1.1.5 - Cross-Site Scripting
CVSS 6.1
CVE-2020-2491 MEDIUM
QNAP Photo Station < 6.0.12 - Cross-Site Scripting
CVSS 6.1
CVE-2020-27126 MEDIUM
Cisco Webex Meetings - Unauthenticated Cross-Site Scripting via API Input
CVSS 6.1
CVE-2020-26218 HIGH
touchbase.ai < 2.0 - Cross-Site Scripting
CVSS 8.0
CVE-2020-15788 MEDIUM
Polarion Subversion Webclient - Cross-Site Scripting via Malicious URL Input
CVSS 6.1
CVE-2020-10043 MEDIUM
SICAM MMU < 2.05, SICAM SGU, SICAM T < 2.18 - Cross-Site Scripting via Malicious Link
CVSS 6.1
CVE-2020-4049 LOW
WordPress 3.7-5.4.1 - Stored Cross-Site Scripting via Theme Folder Name
CVSS 2.4
CVE-2020-4047 MEDIUM
WordPress 3.7-5.4.1 - Authenticated Stored Cross-Site Scripting via Media File Attachment
CVSS 6.8
CVE-2020-4046 MEDIUM
WordPress 3.7-5.4.1 - Authenticated Stored Cross-Site Scripting via Embed Block
CVSS 5.4
CVE-2020-13965 MEDIUM KEV
Roundcube Webmail < 1.3.12 and 1.4.x < 1.4.5 - Stored Cross-Site Scripting via XML Attachment Preview
CVSS 6.1
CVE-2020-11001 MEDIUM
Wagtail 1.9-2.7.1 - Stored Cross-Site Scripting in Page Revision Comparison View
CVSS 5.8
CVE-2020-7575 MEDIUM
Climatix POL908 and POL909 < V11.32 - Stored Cross-Site Scripting via Web Server Access Log Page
CVSS 6.1
CVE-2020-5283 LOW
ViewVC < 1.1.28 - Cross-Site Scripting in CVS show_subdir_lastmod
CVSS 3.1
CVE-2020-8966 MEDIUM
Tiki-Wiki CMS < 20.0 - Cross-Site Scripting in PHP Webpages
CVSS 6.5
CVE-2020-5267 MEDIUM
ActionView < 5.2.4.2 - Cross-Site Scripting via JavaScript Literal Escape Helpers
CVSS 4.0
CVE-2020-7579 MEDIUM
Spectrum Power 5 < 5.50 HF02 - Cross-Site Scripting via Malicious Link
CVSS 6.1
CVE-2020-5241 HIGH
matestack-ui-core < 0.7.4 - Cross-Site Scripting
CVSS 7.7
CVE-2019-25070 LOW
WolfCMS <= 0.8.3.1 - Cross-Site Scripting in User Add Component
CVSS 3.5
CVE-2019-25028 MEDIUM
com.vaadin:vaadin-server <8.8.4 - XSS
CVSS 5.4
CVE-2019-18944 MEDIUM
Micro Focus Solutions Business Manager Application Repository <11.7...
CVSS 4.9
CVE-2019-19285 MEDIUM
XHQ < 6.1.0.0 - Cross-Site Scripting via Malicious Link
CVSS 5.4
CVE-2019-6585 MEDIUM
SCALANCE S602/S612/S623/S627-2M Firmware 3.0-4.1 Authenticated Stored XSS via Configuration Web Server
CVSS 6.1
CVE-2019-13931 MEDIUM
Siemens XHQ < 6.0.0.2 - Authenticated Cross-Site Scripting
CVSS 5.4