CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80
CVE-2019-13923 CRITICAL
IE/WSN-PA Link WirelessHART Gateway - XSS
CVSS 9.6
CVE-2019-5450 MEDIUM
Nextcloud Android App < 3.7.0 - Stored Cross-Site Scripting via Directory Name HTML Injection
CVSS 6.8
CVE-2019-1010018 MEDIUM
Zammad < 2.3.1, 2.2.2, 2.1.3 - Cross-Site Scripting via Ticket View
CVSS 6.1
CVE-2019-10933 MEDIUM
Spectrum Power 3 <= 3.11, 4 < 4.75, 5 < 5.50, 7 <= 2.20 - Unauthenticated Cross-Site Scripting
CVSS 6.1
CVE-2019-6577 MEDIUM
SIMATIC HMI Panels & WinCC < 15.1 - Cross-Site Scripting via SNMP
CVSS 5.4
CVE-2018-25039 LOW
Thomson TCW710 ST5D.10.05 - Stored Cross-Site Scripting via BasicParentalNewKeyword Parameter
CVSS 3.5
CVE-2018-25038 LOW
Thomson TCW710 ST5D.10.05 - Stored Cross-Site Scripting via PppUserName Parameter
CVSS 3.5
CVE-2018-25037 LOW
Thomson TCW710 ST5D.10.05 - Stored Cross-Site Scripting via DdnsHostName Parameter
CVSS 3.5
CVE-2018-25036 LOW
Thomson TCW710 ST5D.10.05 - Stored Cross-Site Scripting via TimeServer Parameter
CVSS 3.5
CVE-2018-25035 LOW
Thomson TCW710 ST5D.10.05 - Stored Cross-Site Scripting via EmailAddress/SmtpServerName Parameter
CVSS 3.5
CVE-2018-25034 LOW
Thomson TCW710 ST5D.10.05 - Stored Cross-Site Scripting via ServiceSetIdentifier Parameter
CVSS 3.5
CVE-2018-19942 MEDIUM
QTS < 4.2.6 - Cross-Site Scripting in File Station
CVSS 6.1
CVE-2018-19956 MEDIUM
QNAP Systems Inc. Photo Station <5.7.11, <6.0.10 - XSS
CVSS 6.1
CVE-2018-19955 MEDIUM
QNAP Systems Inc. Photo Station <5.7.11, <6.0.10 - XSS
CVSS 6.1
CVE-2018-19954 MEDIUM
QNAP Systems Inc. Photo Station <5.7.11, <6.0.10 - XSS
CVSS 6.1
CVE-2018-19952 HIGH
QNAP Music Station < 5.3.11 - SQL Injection
CVSS 7.5
CVE-2018-19951 MEDIUM
QNAP Systems Inc. Music Station <5.1.13, <5.2.9, <5.3.11 - XSS
CVSS 6.1
CVE-2018-19953 MEDIUM KEV
QNAP QTS < 4.2.6 - Cross-Site Scripting
CVSS 6.1
CVE-2018-19943 HIGH KEV
QNAP QTS < 4.2.6 - Cross-Site Scripting
CVSS 8.0
CVE-2018-16555 MEDIUM
SCALANCE S602, S612, S623, S627-2M < V4.0.1.1 - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2018-4848 MEDIUM
SCALANCE X-200, X-200IRT, X-200RNA, X-300 - Cross-Site Scripting via Malicious Link
CVSS 6.1
CVE-2017-20140 MEDIUM
Itech Movie Portal Script 7.36 - XSS
CVSS 4.3
CVE-2017-20122 LOW
Bitrix Site Manager 12.06.2015 - XSS
CVSS 3.5
CVE-2017-20118 LOW
TrueConf Server < 5.0.2 - Cross-Site Scripting via /admin/conferences/list/ domxss Parameter
CVSS 3.5
CVE-2017-20117 LOW
TrueConf Server < 5.0.2 - Cross-Site Scripting in /admin/group
CVSS 3.5