Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-80 (Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)) — Vulnerability Class 399

399 vulnerabilities classified as CWE-80 (Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-5686 Paged Gallery <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting — Paged Gallery 6.4 Medium2025-06-06
CVE-2025-23393 Reflected XSS in spacewalk-java — Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1 5.2 Medium2025-05-27
CVE-2025-23392 Reflected XSS in SystemsController.java in spacewalk-java — Container suse/manager/5.0/x86_64/server:5.0.4.7.19.1 5.2 Medium2025-05-26
CVE-2025-33138 IBM Aspera Faspex HTML injection — Aspera Faspex 5.4 Medium2025-05-22
CVE-2025-20267 Cisco Identity Services Stored Cross-Site Scripting Vulnerability — Cisco Identity Services Engine Software 4.8 Medium2025-05-21
CVE-2024-51475 IBM Content Navigator HTML injection — Content Navigator 5.4 Medium2025-05-16
CVE-2025-4126 EG-Series <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — EG-Series 6.4 Medium2025-05-15
CVE-2025-4168 Subpage List <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Subpage List 6.4 Medium2025-05-03
CVE-2025-3521 Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Team Members Showcase 6.4 Medium2025-05-01
CVE-2025-39524 WordPress Html5 Audio Player plugin <= 2.2.28 - Cross Site Scripting (XSS) Vulnerability — Html5 Audio Player 6.5 Medium2025-04-16
CVE-2025-32230 WordPress Tutor LMS plugin <= 3.4.0 - HTML Injection vulnerability — Tutor LMS 4.3 Medium2025-04-10
CVE-2025-31384 WordPress Videos plugin <= 1.0.5 - Cross Site Scripting (XSS) vulnerability — Videos 7.1 High2025-04-04
CVE-2025-0272 HCL DevOps Deploy / HCL Launch is susceptible to an HTML injection vulnerability — HCL DevOps Deploy / HCL Launch 5.4 Medium2025-04-03
CVE-2025-30676 Apache OFBiz: Stored XSS Vulnerability — Apache OFBiz 6.1 -2025-04-01
CVE-2025-30210 Bruno XSS On Environment Name — bruno 6.1AIMediumAI2025-04-01
CVE-2025-30161 OpenEMR Stored XSS in OpenEMR Bronchitis Form — openemr 5.4 -2025-03-31
CVE-2025-31604 WordPress Cal.com plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability — Cal.com 6.5 Medium2025-03-31
CVE-2025-31575 WordPress Flag Icons plugin <= 2.2 - Cross Site Scripting (XSS) vulnerability — Flag Icons 5.9 Medium2025-03-31
CVE-2025-22501 WordPress Improve My City plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability — Improve My City 7.1 High2025-03-28
CVE-2025-31075 WordPress MicroPayments plugin <= 2.9.29 - Cross Site Scripting (XSS) vulnerability — MicroPayments 6.5 Medium2025-03-28
CVE-2025-1997 IBM UrbanCode Deploy (UCD) / IBM DevOps Deploy HTML injection — UrbanCode Deploy 5.4 Medium2025-03-27
CVE-2024-13497 WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.9 - Unauthenticated Stored Cross-Site Scripting — WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto 7.2 High2025-03-15
CVE-2025-27099 Tuleap allows XSS via the tracker names used in the semantic timeframe deletion message — tuleap 4.8 Medium2025-03-03
CVE-2025-1807 Eastnets PaymentSafe Edit Manual Reply directRouter.rfc cross site scripting — PaymentSafe 3.5 Low2025-03-02
CVE-2025-22274 HTML injection in CyberArk Endpoint Privilege Manager — Endpoint Privilege Manager 5.4 -2025-02-28
CVE-2024-49337 IBM OpenPages HTML injection — OpenPages with Watson 5.4 Medium2025-02-20
CVE-2024-13704 Super Testimonials <= 4.0.1 - Unauthenticated Stored Cross-Site Scripting — Super Testimonial – Testimonial & Customer Review Slider Plugin for WordPress 7.2 High2025-02-18
CVE-2024-46910 Apache Atlas: An authenticated user can perform XSS and potentially impersonate another user — Apache Atlas 5.4 -2025-02-13
CVE-2025-22402 Dell Update Manager Plugin 安全漏洞 — Update Manager Plugin 2.6 Low2025-02-07
CVE-2024-38318 IBM Aspera Shares HTML injection — Aspera Shares 4.8 Medium2025-02-05

Vulnerabilities classified as CWE-80 (Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)) represent 399 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.