Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-80

CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80

CVE-2026-28132 MEDIUM

WooCommerce Photo Reviews <=1.4.4 - XSS

CVE-2026-27578 MEDIUM

n8n <2.10.1/2.9.3/1.123.22 - XSS

CVE-2026-27116 MEDIUM

vikunja/vikunja < 2.0.0 - Reflected HTML Injection via Projects Filter Parameter

CVE-2026-27458 MEDIUM

LinkAce < 2.4.3 - Authenticated Stored Cross-Site Scripting via List Description in Atom Feed

CVE-2026-25006 MEDIUM

XStore <= 9.6.4 - Code Injection via Improper Neutralization of Script-Related HTML Tags

CVE-2026-22422 MEDIUM

Everest Forms <= 3.4.1 - Code Injection via Improper Neutralization of Script-Related HTML Tags

CVE-2026-25935 MEDIUM

vikunja/vikunja < 1.1.0 - Stored Cross-Site Scripting via Task Description Hover

CVE-2026-1282 LOW

GitLab 18.6.0-18.6.5, 18.7.0-18.7.3, 18.8.0-18.8.3 - Authenticated Stored Cross-Site Scripting in Project Label Titles

CVE-2026-25764 LOW

OpenProject < 16.6.7 - Authenticated HTML Injection in Time Tracking Work Package Name

CVE-2026-22254 NONE

Winter CMS < 1.2.10 - Authenticated Stored Cross-Site Scripting via SVG Upload

CVE-2026-25578 MEDIUM

navidrome < 0.60.0 - Stored Cross-Site Scripting via Song Comment Metadata

CVE-2026-25054 MEDIUM

n8n < 1.123.9 and 2.0.0-2.2.1 - Authenticated Stored Cross-Site Scripting in Markdown Renderer

CVE-2026-24128 MEDIUM

XWiki Platform 7.0-milestone-2-16.10.11, 17.0.0-rc-1-17.4.4, 17.5.0-rc-1-17.7.0 - Reflected Cross-Site Scripting

CVE-2026-24564 MEDIUM

Israpil Textmetrics <3.6.3 - Code Injection

CVE-2026-22469 MEDIUM

DeepDigital <= 1.0.2 - Code Injection via Arbitrary Shortcode Execution

CVE-2026-1154 MEDIUM

SourceCodester E-Learning System 1.0 - Cross-Site Scripting via Lesson Module Title/Description

CVE-2026-23528 MEDIUM

Dask distributed < 2026.1.0 - Cross-Site Scripting via Jupyter Lab Dashboard Proxy

CVE-2026-20047 MEDIUM

Cisco Identity Services Engine - Authenticated Stored Cross-Site Scripting in Web Management Interface

CVE-2025-71310 LOW

Backdropcms Gdpr Cookies Module For Backdrop Cms < 1.x-1.3.5 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVE-2025-15345 MEDIUM

MapGeo - Interactive Geo Maps <= 1.6.27 - Reflected Cross-Site Scripting via 'map' Parameter

CVE-2025-59854 LOW

HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability

CVE-2025-66486 MEDIUM

IBM Aspera Shares 1.9.9-1.11.0 - HTML Injection

CVE-2025-59540 MEDIUM

Chamilo LMS < 1.11.34 - Stored Cross-Site Scripting in Exercise History Feedback

CVE-2025-52564 MEDIUM

Chamilo LMS < 1.11.30 - Cross-Site Scripting via help.php Open Parameter

CVE-2025-52563 MEDIUM

Chamilo LMS < 1.11.30 - Reflected Cross-Site Scripting via Page Parameter

Previous Page 3 of 22 Next

Details

Vulnerabilities 538

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy