Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-80

CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

517 vulnerabilities with CWE-80

CVE-2026-32891 CRITICAL

Anchorr Privilege Escalation: Jellyseerr User → Anchorr Admin via Stored XSS

CVE-2026-29106 MEDIUM

SuiteCRM has blind XSS in return_id parameter

CVE-2026-32753 HIGH

FreeScout: Stored XSS through SVG file upload with filter bypass

CVE-2026-27166 MEDIUM

Discourse vulnerable to HTML injection via prohibited iframe URLs

CVE-2026-28499 MEDIUM

LeafKit's HTML escaping may be skipped for Collection values, enabling XSS

CVE-2026-32732 NONE

@leanprover/unicode-input-component <0.2.0 - XSS

CVE-2026-20070 MEDIUM

Cisco ASA/FTD - XSS

CVE-2026-28132 MEDIUM

WooCommerce Photo Reviews <=1.4.4 - XSS

CVE-2026-27578 MEDIUM

n8n <2.10.1/2.9.3/1.123.22 - XSS

CVE-2026-27116 MEDIUM

Vikunja <2.0.0 - XSS

CVE-2026-27458 MEDIUM

LinkAce <=2.4.2 - Stored XSS

CVE-2026-25006 MEDIUM

8theme XStore <=9.6.4 - XSS

CVE-2026-22422 MEDIUM

Everest Forms <=3.4.1 - XSS

CVE-2026-25935 MEDIUM

Code.vikunja.io API - Basic XSS

CVE-2026-1282 LOW

Gitlab < 18.6.6 - Basic XSS

CVE-2026-25764 LOW

Openproject < 16.6.7 - Basic XSS

CVE-2026-22254 NONE

Winter Wn-cms-module < 1.2.10 - Basic XSS

CVE-2026-25578 MEDIUM

Navidrome < 0.60.0 - Basic XSS

CVE-2026-25054 MEDIUM

N8n < 1.123.9 - Basic XSS

CVE-2026-24128 MEDIUM

XWiki Platform <17.7.0 - XSS

CVE-2026-24564 MEDIUM

Israpil Textmetrics <3.6.3 - Code Injection

CVE-2026-22469 MEDIUM

mwtemplates <1.0.2 - XSS

CVE-2026-1154 MEDIUM

Janobe E-learning System - Basic XSS

CVE-2026-23528 MEDIUM

Dask distributed <2026.1.0 - XSS

CVE-2026-20047 MEDIUM

Cisco ISE/PIC - XSS

Previous Page 2 of 21 Next

Details

Vulnerabilities 517

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy