Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-80

CWE-80

High likelihood

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Parent: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

538 vulnerabilities with CWE-80

CVE-2025-27099 MEDIUM

Tuleap < 16.3-10 and < 16.4.99.1740067916 - Cross-Site Scripting via Tracker Name in Semantic Timeframe Deletion Message

CVE-2025-1807 LOW

Eastnets PaymentSafe <2.5.26.0 - XSS

CVE-2025-22274 LOW

CyberArk Endpoint Privilege Manager <24.7.1 - XSS

CVE-2025-25299 LOW

CKEditor 5 Real-Time Collaboration 41.3.0-44.2.0 - Cross-Site Scripting in User Markers

CVE-2025-22402 LOW

Dell Update Manager Plugin 1.5.0-1.6.0 - Cross-Site Scripting

CVE-2025-24680 HIGH

WP Multi Store Locator <= 2.4.7 - Reflected Cross-Site Scripting

CVE-2025-24678 MEDIUM

Listamester <= 2.3.4 - Stored Cross-Site Scripting

CVE-2025-24673 MEDIUM

AyeCode Ltd Ketchup Shortcodes <0.1.2 - XSS

CVE-2025-23919 MEDIUM

Ella van Durpe Slides & Presentations <0.0.39 - Basic XSS

CVE-2025-21612 HIGH

TabberNeue 1.9.1-2.7.1 - Cross-Site Scripting in TabberTransclude.php

CVE-2024-49343 MEDIUM

IBM Informix Dynamic Server 12.10 and 14.10 - Cross-Site Scripting

CVE-2024-51475 MEDIUM

IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 - HTML Injection

CVE-2024-13497 HIGH

Tripetto WordPress Plugin < 8.0.9 - Unauthenticated Stored Cross-Site Scripting via Attachment Uploads

CVE-2024-34398 MEDIUM

BMC Remedy Mid Tier <7.6.04 - Info Disclosure

CVE-2024-49337 MEDIUM

IBM OpenPages with Watson 8.3-8.3.0.2 - Authenticated HTML Injection in Workflow Email Notifications

CVE-2024-13704 HIGH

Super Testimonials <= 4.0.1 - Unauthenticated Stored Cross-Site Scripting via st_user_title Parameter

CVE-2024-46910 HIGH

Apache Atlas < 2.4.0 - Authenticated Cross-Site Scripting

CVE-2024-38318 MEDIUM

IBM Aspera Shares <1.9.0-1.10.0 PL6 - XSS

CVE-2024-57004 MEDIUM

Roundcube Webmail 1.6.9 - Authenticated Stored Cross-Site Scripting via Email Attachment

CVE-2024-11954 LOW

pimcore 11.4.2 - Cross-Site Scripting in Search Document

CVE-2024-35112 MEDIUM

IBM Control Center 6.2.1 and 6.3.1 - Information Disclosure via Detailed Error Messages

CVE-2024-39363 CRITICAL

Wavlink AC3000 M33A8.V5030.210505 - Unauthenticated Cross-Site Scripting in login.cgi set_lang_CountryCode()

CVE-2024-52967 LOW

FortiPortal 6.0.0-6.0.14 - Cross-Site Scripting via HTML Injection

CVE-2024-51472 LOW

IBM UrbanCode Deploy 7.2-7.2.3.13 and IBM DevOps Deploy 8.0-8.0.1.3 - HTML Injection in Web UI

CVE-2024-56199 MEDIUM

phpMyFAQ 3.2.10-4.0.2 - Stored Cross-Site Scripting in FAQ Editor

Previous Page 9 of 22 Next

Details

Vulnerabilities 538

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy