CWE-83
18 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-83page 1 of 1
- CVE-2020-14525LOWCVSS 3.5EG 3.52020-09-18
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users.
- CVE-2022-39262MEDIUMCVSS 5.2EG 5.22022-11-03
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrator can define rich-text content to be displayed on login page. The displayed content is can contains maliciou…
- CVE-2023-30958MEDIUMCVSS 4.7EG 4.72023-08-03
A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0.
- CVE-2023-32070CRITICALCVSS 9.0EG 9.02023-05-10
XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in …
- CVE-2023-37908CRITICALCVSS 9.0EG 9.02023-10-25
XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML co…
- CVE-2024-26283HIGHCVSS 7.8EG 7.82024-02-22
An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS < 123.
- CVE-2024-52595HIGHCVSS 7.7EG 7.72024-11-19
lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as `<svg>`, `<math>` and `<…
- CVE-2024-9103MEDIUMCVSS 6.1EG 6.12025-03-24
Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security (Blocked Messages module) allows Stored XSS. This issue affects Email Security through 8.5.5.
- CVE-2025-0125MEDIUMCVSS 6.9EG 0.02025-04-11
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS ad…
- CVE-2025-0137MEDIUMCVSS 4.8EG 0.02025-05-14
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated read-write administrator to impersonate another legitimate authenticated PAN-OS ad…
- CVE-2025-11682HIGHCVSS 7.1EG 0.02025-10-27
Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due t…
- CVE-2025-27145LOWCVSS 3.6EG 3.62025-02-25
copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. By handing someone a maliciously-named file, and then tricking them into dragging…
- CVE-2025-4615HIGHCVSS 7.2EG 7.22025-10-09
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security r…
- CVE-2025-58746CRITICALCVSS 9.0EG 9.02025-09-08
The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus. Prior to version 2.4.0, a malicious actor with Editor privileges can escalate t…
- CVE-2025-67163MEDIUMCVSS 6.1EG 6.12025-12-18
A stored cross-site scripting (XSS) vulnerability in Simple Machines Forum v2.1.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Forum Name parameter.
- CVE-2026-22849MEDIUMCVSS 4.8EG 4.82026-01-21
Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor was allowing users to modify rich text fields with HTML without running any backend HTML cleaners thus allowing malici…
- CVE-2026-23516MEDIUMCVSS 5.4EG 5.42026-01-21
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able t…
- CVE-2026-8245MEDIUMCVSS 5.4EG 5.42026-05-21
Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" (<a href="{$linkURL}" …
Map vulnerabilities like CWE-83 to your infrastructure
EchelonGraph correlates every CVE — across CWE-83 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →