Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-80 (Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)) — Vulnerability Class 399

399 vulnerabilities classified as CWE-80 (Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2026-22422 WordPress Everest Forms plugin <= 3.4.1 - Arbitrary Shortcode Execution vulnerability — Everest Forms 6.1AIMediumAI2026-02-19
CVE-2025-14289 IBM webMethods Integration Server is vulnerable to HTML injection — webMethods Integration Server 5.4 Medium2026-02-17
CVE-2026-25935 Vikunja Affected by XSS Via Task Preview — vikunja 5.4AIMediumAI2026-02-11
CVE-2026-1282 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab — GitLab 3.5 Low2026-02-11
CVE-2025-12803 Bold Builder <= 5.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via bt_bb_tabs Shortcode — Bold Page Builder 6.4 Medium2026-02-07
CVE-2026-25764 OpenProject vulnerable to Stored HTML injection — openproject 3.5 Low2026-02-06
CVE-2026-25578 Navidrome is vulnerable to XSS via comment from song metadata — navidrome 6.1 Medium2026-02-04
CVE-2026-25054 n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI — n8n 5.4AIMediumAI2026-02-04
CVE-2026-24564 WordPress Textmetrics plugin <= 3.6.5 - Content Injection vulnerability — Textmetrics 4.3 Medium2026-01-23
CVE-2026-22469 WordPress DeepDigital theme <= 1.0.2 - Arbitrary Shortcode Execution vulnerability — DeepDigital 5.3 Medium2026-01-22
CVE-2025-47600 WordPress WoodMart theme <= 8.3.7 - Arbitrary Shortcode Execution vulnerability — WoodMart 5.3 Medium2026-01-22
CVE-2025-36397 Security vulnerabilities have been found in IBM Application Gateway — Application Gateway 5.4 Medium2026-01-20
CVE-2026-1154 SourceCodester E-Learning System Lesson index.php cross site scripting — E-Learning System 4.3 Medium2026-01-19
CVE-2026-23528 Dask distributed Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard — distributed 9.6 -2026-01-16
CVE-2026-20047 Cisco Identity Services Engine Cross-Site Scripting Vulnerability — Cisco Identity Services Engine Software 4.8 Medium2026-01-15
CVE-2025-69169 WordPress Easy Media Download plugin <= 1.1.11 - CSS Injection vulnerability — Easy Media Download 5.4 Medium2026-01-08
CVE-2025-15058 Responsive Pricing Table <= 5.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'table_currency' — Responsive Pricing Table 6.4 Medium2026-01-07
CVE-2025-14792 Key Figures <= 1.1 - Authenticated (Admin+) Stored Cross-Site Scripting via kf_field_figure_default_color_render — Key Figures 4.4 Medium2026-01-07
CVE-2025-14835 WP Photo Album Plus <= 9.1.05.008 - Reflected Cross-Site Scripting — WP Photo Album Plus 7.1 High2026-01-07
CVE-2025-36230 XSS in IBM Aspera Faspex — Aspera Faspex 5 5.4 Medium2025-12-26
CVE-2025-14735 Amazon affiliate lite Plugin <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting — Amazon affiliate lite Plugin 4.4 Medium2025-12-20
CVE-2025-64225 WordPress Stockie Extra plugin <= 1.2.11 - Content Injection vulnerability — Stockie Extra 6.5 Medium2025-12-18
CVE-2025-64633 WordPress Norebro Extra plugin <= 1.6.8 - Content Injection vulnerability — Norebro Extra 6.1AIMediumAI2025-12-16
CVE-2025-66450 LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload — LibreChat 6.3AIMediumAI2025-12-11
CVE-2025-63068 WordPress Contact Form 7 Dynamic Text Extension plugin <= 5.0.5 - Content Injection vulnerability — Contact Form 7 – Dynamic Text Extension 6.1AIMediumAI2025-12-09
CVE-2025-66481 DeepChat's Incomplete XSS Fix Allows RCE through Mermaid Content — deepchat 9.7 Critical2025-12-09
CVE-2025-14186 Grandstream GXP1625 Network Status api.values.post cross site scripting — GXP1625 3.5 Low2025-12-07
CVE-2025-66512 Nextcloud Server vulnerable to XSS in SVG images when opened outside of Nextcloud — security-advisories 5.4 Medium2025-12-05
CVE-2025-54057 Apache SkyWalking: Stored XSS vulnerability — Apache SkyWalking 6.1 -2025-11-27
CVE-2025-64764 Astro is vulnerable to Reflected XSS via the server islands feature — astro 7.1 High2025-11-19

Vulnerabilities classified as CWE-80 (Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)) represent 399 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.