CWE-80: Improper Neutralization of Script-Related HTML Tags
522 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-80 (page 1 of 11)
- CVE-2001-0829 | NONE | CVSS 0.0 | EG 0.0 | 2001-12-06
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.
- CVE-2003-5003 | MEDIUM | CVSS 5.0 | EG 6.1 | 2022-03-28
A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remot…
- CVE-2005-3745 | NONE | CVSS 0.0 | EG 0.0 | 2005-11-22
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request han…
- CVE-2006-0149 | MEDIUM | CVSS 6.1 | EG 6.1 | 2006-01-09
Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field.
- CVE-2007-3383 | NONE | CVSS 0.0 | EG 0.0 | 2007-07-25
Cross-site scripting (XSS) vulnerability in SendMailServlet in the examples web application (examples/jsp/mail/sendmail.jsp) in Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.36 allows remote attackers to inject arbitrary web scri…
- CVE-2007-3384 | NONE | CVSS 0.0 | EG 0.0 | 2007-08-08
Multiple cross-site scripting (XSS) vulnerabilities in examples/servlet/CookieExample in Apache Tomcat 3.3 through 3.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Value field, related to error me…
- CVE-2008-10001 | MEDIUM | CVSS 5.5 | EG 6.1 | 2022-03-28
A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the a…
- CVE-2014-2353 | NONE | CVSS 0.0 | EG 0.0 | 2014-05-30
Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2016-9493 | MEDIUM | CVSS 6.1 | EG 6.1 | 2018-07-13
The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. In the generated form.lib.php file, upload file types are checked against a hard-coded list of dangerous extensions. This …
- CVE-2016-9500 | MEDIUM | CVSS 6.1 | EG 6.1 | 2018-07-13
Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting.
- CVE-2017-16015 | MEDIUM | CVSS 6.1 | EG 6.1 | 2018-06-04
Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper HTML escaping. This means that if the application did not sanitize HTML on behalf of forms, use of forms may be vulnerable to cross-site scripting.
- CVE-2017-16043 | MEDIUM | CVSS 6.1 | EG 6.1 | 2018-06-04
Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3.
- CVE-2017-20026 | MEDIUM | CVSS 4.3 | EG 6.1 | 2022-06-09
A vulnerability has been found in HumHub up to 1.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting (Reflected). The attack can be launched remotely…
- CVE-2017-20027 | MEDIUM | CVSS 4.3 | EG 6.1 | 2022-06-09
A vulnerability was found in HumHub up to 1.0.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting (DOM). The attack may be launched remotely. The exploit has…
- CVE-2017-20033 | MEDIUM | CVSS 4.3 | EG 6.1 | 2022-06-10
A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\'\";><script>alert(8)</script> leads to cross site…
- CVE-2017-20034 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-10
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can…
- CVE-2017-20035 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-10
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persist…
- CVE-2017-20036 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-10
A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting (Persistent). It is po…
- CVE-2017-20043 | MEDIUM | CVSS 4.3 | EG 5.4 | 2022-06-13
A vulnerability was found in Navetti PricePoint 4.6.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Persistent). The attack may be launched remo…
- CVE-2017-20044 | MEDIUM | CVSS 4.3 | EG 5.4 | 2022-06-13
A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to basic cross site scripting (Reflected). It is possible to initiate the attack remotely.…
- CVE-2017-20054 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-16
A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched r…
- CVE-2017-20055 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-16
A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely.…
- CVE-2017-20056 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-16
A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Stored). It is possible to launch the attack r…
- CVE-2017-20057 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-06-20
A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting (Persistent). It is possible to launch the at…
- CVE-2017-20058 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-06-20
A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent)…
- CVE-2017-20059 | LOW | CVSS 3.5 | EG 3.5 | 2022-06-20
A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input </title><img src=no onerror…
- CVE-2017-20060 | LOW | CVSS 3.5 | EG 3.5 | 2022-06-20
A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to…
- CVE-2017-20061 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-06-20
A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with the input %3Cimg%20src=no%20onerror=aler…
- CVE-2017-20085 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-23
A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely.
- CVE-2017-20087 | LOW | CVSS 3.5 | EG 6.1 | 2022-06-23
A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack m…
- CVE-2017-20089 | LOW | CVSS 3.5 | EG 6.1 | 2022-06-23
A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The attack may be initiated remotely.
- CVE-2017-20092 | LOW | CVSS 3.5 | EG 6.1 | 2022-06-24
A vulnerability classified as problematic was found in Google Analytics Dashboard Plugin 2.1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched re…
- CVE-2017-20094 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-24
A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting (Persistent). The attack may be initiated r…
- CVE-2017-20096 | LOW | CVSS 3.5 | EG 6.1 | 2022-06-24
A vulnerability classified as problematic has been found in WP-SpamFree Anti-Spam Plugin 2.1.1.4. This affects an unknown part. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely.
- CVE-2017-20097 | LOW | CVSS 3.5 | EG 6.1 | 2022-06-24
A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launche…
- CVE-2017-20098 | LOW | CVSS 3.5 | EG 4.8 | 2022-06-27
A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack …
- CVE-2017-20100 | LOW | CVSS 3.5 | EG 6.1 | 2022-06-27
A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The …
- CVE-2017-20108 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-29
A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input "><script>alert(1)</script> leads to basic…
- CVE-2017-20113 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-29
A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The expl…
- CVE-2017-20114 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-29
A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross sit…
- CVE-2017-20115 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-29
A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (R…
- CVE-2017-20116 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-29
A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scriptin…
- CVE-2017-20117 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-29
A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The a…
- CVE-2017-20118 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-29
A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross s…
- CVE-2017-20122 | LOW | CVSS 3.5 | EG 5.4 | 2022-06-30
A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src=…
- CVE-2017-20140 | MEDIUM | CVSS 4.3 | EG 6.1 | 2022-07-22
A vulnerability was found in Itech Movie Portal Script 7.36. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /movie.php. The manipulation of the argument f with the input <img src=i onerro…
- CVE-2018-16555 | MEDIUM | CVSS 5.4 | EG 5.4 | 2018-12-13
A vulnerability has been identified in SCALANCE S602 (All versions < V4.0.1.1), SCALANCE S612 (All versions < V4.0.1.1), SCALANCE S623 (All versions < V4.0.1.1), SCALANCE S627-2M (All versions < V4.0.1.1). The integrated web server could a…
- CVE-2018-19942 | MEDIUM | CVSS 6.1 | EG 6.1 | 2021-04-16
A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the fol…
- CVE-2018-19943 | HIGH | CVSS 8.0 | EG 9.0 | ⚠ KEV | 2020-10-28
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20…
- CVE-2018-19951 | MEDIUM | CVSS 6.1 | EG 6.1 | 2020-11-02
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. This issue affects: QNAP Systems Inc. Music Station versions prior to 5.1.13; versions prior to 5.2.9; versions prior to 5.3.11.