CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)) — Vulnerability Class 399

399 vulnerabilities classified as CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1564 | Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role. — Pega Infinity | 5.5 | - | 2026-04-15 |
| CVE-2026-20170 | Cisco Webex Contact Center security vulnerability — Cisco Webex Contact Center | 6.1 | Medium | 2026-04-15 |
| CVE-2026-40105 | XWiki has Reflected Cross-Site Scripting (XSS) in its page history compare functionality — xwiki-platform | 8.8 | - | 2026-04-15 |
| CVE-2026-39425 | MaxKB: Stored XSS via Unsanitized html_rander Tags in Markdown Rendering — MaxKB | 5.4 | - | 2026-04-14 |
| CVE-2026-33657 | EspoCRM: Stored HTML injection in email notifications about stream notes via unescaped post field — espocrm | 4.6 | Medium | 2026-04-13 |
| CVE-2026-34718 | Zammad improperly neutralizes of script-related HTML tags in ticket articles — zammad | 5.4 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39712 | WordPress tagDiv Composer plugin <= 5.4.3 - Arbitrary Shortcode Execution vulnerability — tagDiv Composer | 6.1 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39628 | WordPress DukaMarket theme <= 1.3.0 - Arbitrary Shortcode Execution vulnerability — DukaMarket | 6.1 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39629 | WordPress Uminex theme <= 1.0.9 - Arbitrary Shortcode Execution vulnerability — Uminex | 6.1 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39626 | WordPress Armania theme <= 1.4.8 - Arbitrary Shortcode Execution vulnerability — Armania | 6.1 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39625 | WordPress TechOne theme <= 3.0.3 - Arbitrary Shortcode Execution vulnerability — TechOne | 6.1 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39837 | Stored XSS through the dynamic table format in Cargo — Mediawiki - Cargo Extension | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39841 | Stored XSS through list fields on Cargo's page values and Special:CargoTables — Mediawiki - Cargo Extension | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39839 | Stored XSS through URLs in Cargo's map format — Mediawiki - Cargo Extension | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-39344 | Reflected XSS the login page through the 'username' parameter — CRM | 6.1 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-35460 | Papra has an HTML Injection in Transactional Emails via Unescaped User Display Name — papra | 4.3 | Medium | 2026-04-07 |
| CVE-2025-66486 | Multiple vulnerabilities have been addressed in IBM Aspera Shares — Aspera Shares | 4.8 | Medium | 2026-04-01 |
| CVE-2026-1834 | Ibtana - WordPress Website Builder <= 1.2.5.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Ibtana – WordPress Website Builder | 6.4 | Medium | 2026-03-31 |
| CVE-2026-2995 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab — GitLab | 7.7 | High | 2026-03-25 |
| CVE-2026-32891 | Anchorr Privilege Escalation: Jellyseerr User → Anchorr Admin via Stored XSS — Anchorr | 9.1 | Critical | 2026-03-20 |
| CVE-2026-32753 | FreeScout: Stored XSS through SVG file upload with filter bypass — freescout | 6.1 | - | 2026-03-19 |
| CVE-2026-27166 | Discourse vulnerable to HTML injection via prohibited iframe URLs — discourse | 4.1 | Medium | 2026-03-19 |
| CVE-2026-32732 | XSS in @leanprover/unicode-input-component — vscode-lean4 | 6.1 (AI) | Medium (AI) | 2026-03-13 |
| CVE-2025-59540 | Chamilo: Stored Cross-Site Scripting (XSS) in Chamilo LMS Exercise Feedback — chamilo-lms | 4.8 | - | 2026-03-06 |
| CVE-2026-20070 | Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software VPN Web Services Cross-Site Scripting Vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 6.1 | Medium | 2026-03-04 |
| CVE-2025-52564 | Chamilo: HTML injection via open parameter — chamilo-lms | 6.1 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28132 | WordPress WooCommerce Photo Reviews plugin <= 1.4.4 - Content Injection vulnerability — WooCommerce Photo Reviews | 6.1 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27578 | n8n Vulnerable to Stored XSS via Various Nodes — n8n | 5.4 (AI) | Medium (AI) | 2026-02-25 |
| CVE-2026-27458 | LinkAce: Stored XSS in Atom Feed via CDATA Escape in List Description — LinkAce | 5.4 (AI) | Medium (AI) | 2026-02-21 |
| CVE-2026-25006 | WordPress XStore theme <= 9.6.4 - Arbitrary Shortcode Execution vulnerability — XStore | 5.3 | Medium | 2026-02-19 |

Vulnerabilities classified as CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)) represent 399 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.