Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-80

CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80

CVE-2025-33138 MEDIUM

IBM Aspera Faspex 5.0.0-5.0.12 - HTML Injection

CVE-2025-20267 MEDIUM

Cisco Identity Services Engine - Authenticated Stored Cross-Site Scripting

CVE-2025-4126 MEDIUM

EG-Series <= 2.1.1 - Authenticated Stored Cross-Site Scripting via Shortcode Title Attribute

CVE-2025-4168 MEDIUM

Subpage List <= 1.3.3 - Authenticated Stored Cross-Site Scripting via 'subpages' Shortcode

CVE-2025-3521 MEDIUM

Team Members - WordPress <3.4.0 - XSS

CVE-2025-39524 MEDIUM

bPlugins Html5 Audio Player <2.2.28 - XSS

CVE-2025-32027 MEDIUM

Yii < 1.1.31 - Reflected Cross-Site Scripting via Fallback Error Renderer

CVE-2025-32230 MEDIUM

Tutor LMS < 3.4.0 - Stored Cross-Site Scripting

CVE-2025-31384 HIGH

Aviplugins Videos < 1.0.5 - Reflected Cross-Site Scripting

CVE-2025-0272 MEDIUM

HCL DevOps Deploy 8.0.0.0-8.0.1.4 and HCL Launch 7.0.0.0-7.0.5.25 - HTML Injection in Web UI

CVE-2025-30676 MEDIUM

Apache OFBiz < 18.12.19 - Cross-Site Scripting

CVE-2025-30210 MEDIUM

Bruno < 1.39.1 - Stored Cross-Site Scripting via Environment Name Tooltip

CVE-2025-30161 MEDIUM

OpenEMR < 7.0.3 - Stored Cross-Site Scripting in Bronchitis Form

CVE-2025-31604 MEDIUM

Cal.com <= 1.0.0 - Stored Cross-Site Scripting

CVE-2025-31575 MEDIUM

Flag Icons <= 2.2 - Stored Cross-Site Scripting

CVE-2025-22501 HIGH

Improve My City <= 1.6 - Reflected Cross-Site Scripting

CVE-2025-31075 MEDIUM

videowhisper MicroPayments <2.9.29 - XSS

CVE-2025-1997 MEDIUM

IBM UrbanCode Deploy/DevOps Deploy <7.3.2.0 - XSS

CVE-2025-29426 MEDIUM

Code-projects Online Class and Exam Scheduling System V1.0 - Cross-Site Scripting via id and cys Parameters

CVE-2025-29427 MEDIUM

Online Class and Exam Scheduling System 1.0 - Cross-Site Scripting via member_first and member_last Parameters

CVE-2025-29430 MEDIUM

Online Class and Exam Scheduling System V1.0 - Cross-Site Scripting via id and rome Parameters

CVE-2025-29431 LOW

Code-projects Online Class and Exam Scheduling System V1.0 - Cross-Site Scripting via id, code, and name Parameters

CVE-2025-25363 MEDIUM

Thepluginpeople Enterprise Mail Handler < 4.1.69-dc - Basic XSS

CVE-2025-28015 MEDIUM

PHPGurukul User Registration & Login and User Management System V3.3 - Cross-Site Scripting via Edit Profile Parameters

CVE-2025-27155 MEDIUM

Pinecone < 218b2801995b174085cb1c8fafe2d3aa661f85bd - Stored Cross-Site Scripting

Previous Page 8 of 22 Next

Details

Vulnerabilities 538

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy