Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-80

CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80

CVE-2025-11267 MEDIUM

VK All in One Expansion Unit <9.112.1 - XSS

CVE-2025-11265 MEDIUM

VK All in One Expansion Unit <9.112.1 - XSS

CVE-2025-8386 MEDIUM

AVEVA Application Server - Authenticated XSS via App Objects Help Files

CVE-2025-13180 LOW

Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System < 20250320 - Cross-Site Scripting

CVE-2025-13178 LOW

Bdtask SalesERP < 2025-10-24 - Cross-Site Scripting via User Profile Handler

CVE-2025-54348 MEDIUM

Desktop Alert PingAlert Application Server 6.1.0.11-6.1.1.2 - Stored Cross-Site Scripting

CVE-2025-54346 HIGH

Desktop Alert PingAlert Application Server 6.1.0.11-6.1.1.2 - Reflected Cross-Site Scripting

CVE-2025-12753 MEDIUM

Chart Expert <= 1.0 - Authenticated Stored Cross-Site Scripting via pmzez_chart Shortcode

CVE-2025-11874 MEDIUM

Slippy Slider <= 2.0 - Authenticated Stored XSS via Shortcode Attributes

CVE-2025-64187 MEDIUM

OctoPrint < 1.11.4 - Stored Cross-Site Scripting via Action Command Notifications

CVE-2025-33110 MEDIUM

IBM OpenPages 9.0-9.1 - Cross-Site Scripting

CVE-2025-60244 HIGH

RealMag777 TableOn <= 1.0.5.1 - Code Injection via Improper HTML Tag Neutralization

CVE-2025-49398 MEDIUM

Easy Appointments <= 3.12.14 - Cross-Site Scripting

CVE-2025-11745 MEDIUM

Ad Inserter - Ad Manager & AdSense Ads <2.8.7 - XSS

CVE-2025-11987 MEDIUM

Visual Link Preview <= 2.2.7 - Authenticated Stored Cross-Site Scripting via Shortcode Attributes

CVE-2025-48884 MEDIUM

Galette < 1.2.0 - Cross-Site Scripting in Document Type

CVE-2025-53883 CRITICAL

Container suse/manager/5.0/x86_64/server:latest - Basic XSS

CVE-2025-39663 HIGH

Checkmk < 2.4.0p14, 2.3.0p39, 2.2.0, 2.1.0 - Cross-Site Scripting via Service Output Injection

CVE-2025-62796 MEDIUM

PrivateBin 1.7.7-2.0.1 - Persistent HTML Injection via Attachment Filename

CVE-2025-36121 MEDIUM

IBM OpenPages 9.0-9.1 - Authenticated HTML Injection

CVE-2025-62936 MEDIUM

Jthemes xSmart <= 1.2.9.4 - Basic XSS

CVE-2025-62897 MEDIUM

Brecht WP Recipe Maker <10.1.1 - Basic XSS

CVE-2025-11823 MEDIUM

ShopLentor < 3.2.4 - Authenticated Stored Cross-Site Scripting via wishsuite_button Shortcode

CVE-2025-11992 MEDIUM

Multi Item Responsive Slider <1.0 - CSRF

CVE-2025-58970 MEDIUM

AmentoTech Doctreat <=1.6.7 - Code Injection

Previous Page 5 of 22 Next

Details

Vulnerabilities 538

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy