CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80
CVE-2025-55291 HIGH
Shaarli < 0.15.0 - Reflected Cross-Site Scripting via Cloud Tag Page
CVSS 7.1
CVE-2025-54421 HIGH
NamelessMC < 2.2.4 - Authenticated Cross-Site Scripting via Default Keywords Parameter
CVSS 7.2
CVE-2025-54117 CRITICAL
NamelessMC < 2.2.4 - Authenticated Cross-Site Scripting via Dashboard Text Editor
CVSS 9.0
CVE-2025-55672 MEDIUM
Apache Superset < 5.0.0 - Authenticated Stored Cross-Site Scripting in Chart Column Label
CVSS 5.4
CVE-2025-54698 MEDIUM
RadiusTheme Classified Listing <5.0.0 - Basic XSS
CVSS 5.4
CVE-2025-8621 MEDIUM
Mosaic Generator <= 1.0.5 - Authenticated Stored Cross-Site Scripting via 'c' Parameter
CVSS 6.4
CVE-2025-20331 MEDIUM
Cisco Identity Services Engine Software - Authenticated Stored Cross-Site Scripting
CVSS 5.4
CVE-2025-54789 MEDIUM
humhub/files < 0.16.10 - Stored Cross-Site Scripting via File Move Functionality
CVSS 6.1
CVE-2025-54589 MEDIUM
copyparty < 1.18.7 - Reflected Cross-Site Scripting via Recent Uploads Filter Parameter
CVSS 6.3
CVE-2025-52897 MEDIUM
GLPI 9.1.0-10.0.18 - Unauthenticated Cross-Site Scripting via Planning Feature
CVSS 6.5
CVE-2025-27514 MEDIUM
GLPI 9.5.0-10.0.18 - Stored Cross-Site Scripting in Project Kanban
CVSS 4.5
CVE-2025-54414 MEDIUM
Anubis < 1.21.3 - Open Redirect via Pass-Challenge Redir Parameter
CVE-2025-8029 HIGH
Firefox and Thunderbird < 128.13.0 and < 141.0 - Cross-Site Scripting via JavaScript URLs in Object and Embed Tags
CVSS 8.1
CVE-2025-53835 CRITICAL
XWiki 5.4.5-14.10 - Stored Cross-Site Scripting via Raw Block HTML Injection
CVSS 9.0
CVE-2025-31326 MEDIUM
SAP BusinessObjects - HTML Injection
CVSS 4.1
CVE-2025-27358 MEDIUM
N-Media Frontend File Manager <23.2 - XSS
CVSS 4.6
CVE-2025-2895 MEDIUM
IBM Cloud Pak System 2.3.3.6-2.3.4.1 - Cross-Site Scripting
CVSS 5.4
CVE-2025-53093 HIGH
StarCitizenTools TabberNeue 3.0.0-3.1.0 - Stored Cross-Site Scripting via Tabber Tag Attribute Injection
CVSS 8.6
CVE-2025-52902 HIGH
filebrowser < 2.33.7 - Stored Cross-Site Scripting in Markdown Preview
CVSS 7.6
CVE-2025-4367 MEDIUM
Download Manager <= 3.3.18 - Authenticated Stored Cross-Site Scripting via wpdm_user_dashboard Shortcode
CVSS 6.4
CVE-2025-4278 HIGH
GitLab 18.0.0-18.0.1 - HTML Injection in New Search Page
CVSS 8.7
CVE-2025-49137 HIGH
PSU Haxcms-nodejs < 11.0.0 - Basic XSS
CVSS 8.5
CVE-2025-5686 MEDIUM
Paged Gallery <= 0.7 - Authenticated Stored Cross-Site Scripting via Gallery Shortcode
CVSS 6.4
CVE-2025-23393 MEDIUM
SUSE Manager Server Module 4.3 < 4.3.85-150400.3.105.3 - Cross-Site Scripting in spacewalk-java
CVSS 5.2
CVE-2025-23392 MEDIUM
SUSE Manager Server Module < 4.3.85-150400.3.105.3 - Cross-Site Scripting
CVSS 5.2