Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-80

CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80

CVE-2025-11966 MEDIUM

Eclipse Vert.x 4.0.0-4.5.21 and 5.0.0-5.0.4 - Stored Cross-Site Scripting via Directory Listing Filename Injection

CVE-2025-62418 MEDIUM

Bagisto < 2.3.8 - Stored Cross-Site Scripting via SVG File Upload

CVE-2025-62415 MEDIUM

Bagisto < 2.3.8 - Authenticated Stored Cross-Site Scripting via TinyMCE Image Upload

CVE-2025-62414 MEDIUM

Bagisto < 2.3.8 - Stored Cross-Site Scripting in Admin Create Customer Form

CVE-2025-0277 MEDIUM

HCL BigFix Mobile < 3.3 - Cross-Site Scripting via Insecure CSP Directives

CVE-2025-0276 MEDIUM

HCL BigFix Modern Client Management < 3.3 - Cross-Site Scripting via Insecure CSP Directives

CVE-2025-11161 MEDIUM

WPBakery Page Builder <= 8.6.1 - Authenticated Stored Cross-Site Scripting via vc_custom_heading Shortcode

CVE-2025-11160 MEDIUM

WPBakery Page Builder <= 8.6.1 - Authenticated Stored Cross-Site Scripting via Custom JS Module

CVE-2025-62172 HIGH

Pypi Homeassistant < 2025.10.2 - Basic XSS

CVE-2025-31992 MEDIUM

HCL MaxAI Assistant - Cross-Site Scripting

CVE-2025-10496 HIGH

Cookie Notice & Consent <1.6.5 - XSS

CVE-2025-52654 MEDIUM

HCL MyXalytics 6.6 - HTML Injection

CVE-2025-11241 MEDIUM

Yoast SEO Premium 25.7-25.9 - Stored Cross-Site Scripting via Flawed Attribute Regex

CVE-2025-61583 MEDIUM

ts3_manager < 2.2.2 - Reflected Cross-Site Scripting via Login Page Error Handling

CVE-2025-58054 LOW

Discourse < 3.5.1 - Stored Cross-Site Scripting via Chat Channel and Thread Title Quote

CVE-2025-10128 MEDIUM

Eulerpool Research Systems <4.0.1 - XSS

CVE-2025-60100 MEDIUM

8theme XStore < 9.6 - Stored Cross-Site Scripting

CVE-2025-59573 MEDIUM

CozyBlocks <2.1.29 - Code Injection

CVE-2025-57928 MEDIUM

Strategy11 Team AWP Classifieds <4.3.5 - Basic XSS

CVE-2025-10125 MEDIUM

Memberlite Shortcodes <= 1.4 - Authenticated Stored Cross-Site Scripting via Row Shortcode Attributes

CVE-2025-58430 MEDIUM

listmonk <= 1.1.0 - Cross-Site Scripting via Nonce Bypass

CVE-2025-20342 MEDIUM

Cisco Unified Computing System (Managed) - Authenticated Stored Cross-Site Scripting via vKVM Data Field

CVE-2025-6247 MEDIUM

WordPress Automatic Plugin <3.118.0 - CSRF

CVE-2025-51989 HIGH

Evolution Consulting Kft. HRmaster <v235 - Code Injection

CVE-2025-57730 MEDIUM

JetBrains IntelliJ IDEA < 2025.2.0 - HTML Injection via Remote Development Feature

Previous Page 6 of 22 Next

Details

Vulnerabilities 538

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy