Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-80 (Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)) — Vulnerability Class 399

399 vulnerabilities classified as CWE-80 (Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2024-11954 Pimcore Search Document cross site scripting — Pimcore 2.4 Low2025-01-28
CVE-2025-24680 WordPress WP Multi Store Locator Plugin <= 2.4.7 - Cross Site Scripting (XSS) vulnerability — WP Multistore Locator 7.1 High2025-01-27
CVE-2024-35112 IBM Control Center cross-site scripting — Control Center 5.4 Medium2025-01-25
CVE-2025-24678 WordPress Listamester Plugin <= 2.3.4 - Cross Site Scripting (XSS) vulnerability — Listamester 6.5 Medium2025-01-24
CVE-2025-24673 WordPress Ketchup Shortcodes Plugin <= 0.1.2 - Cross Site Scripting (XSS) vulnerability — Ketchup Shortcodes 6.5 Medium2025-01-24
CVE-2025-23919 WordPress Slides & Presentations Plugin <= 0.0.39 - Content Injection vulnerability — Slides & Presentations 5.4 Medium2025-01-16
CVE-2024-39363 WAVLINK AC3000 安全漏洞 — Wavlink AC3000 9.6 Critical2025-01-14
CVE-2024-52967 Fortinet FortiPortal 安全漏洞 — FortiPortal 3.3 Low2025-01-14
CVE-2024-51472 IBM DevOps Deploy / IBM UrbanCode Deploy HTML injection — DevOps Deploy 3.1 Low2025-01-06
CVE-2024-41752 IBM Cognos Analytics HTML injection — Cognos Analytics 5.4 Medium2024-12-18
CVE-2024-12127 Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS <= 0.0.21 - Reflected Cross-Site Scripting via page Parameter — Learning Management System, eLearning, Course Builder, WordPress LMS Plugin – Sikshya LMS 6.1 Medium2024-12-17
CVE-2024-54223 WordPress ARForms plugin <= 1.7.1 - HTML Injection vulnerability — ARForms Form Builder 5.3 Medium2024-12-09
CVE-2023-47869 WordPress wpForo plugin <= 2.2.5 - Broken Access Control + CSRF vulnerability — wpForo Forum 4.3 Medium2024-12-09
CVE-2024-54128 Directus has an HTML Injection in Comment — directus 5.7 Medium2024-12-05
CVE-2024-54001 Kanboard allows a persistent HTML injection site scripting in settings page date format — kanboard 5.5 Medium2024-12-05
CVE-2024-42195 HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection — DevOps Deploy / Launch 3.1 Low2024-12-05
CVE-2020-26067 Cisco Webex Teams Web Interface Cross-Site Scripting Vulnerability — Cisco Webex Teams 5.4 Medium2024-11-18
CVE-2024-10592 Mapster WP Maps <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Mapster WP Maps 6.4 Medium2024-11-16
CVE-2022-20654 Cisco Webex Meetings Cross-Site Scripting Vulnerability — Cisco Webex Meetings 6.1 Medium2024-11-15
CVE-2024-52300 macro-pdfviewer has a XSS through the width parameter — macro-pdfviewer 9.1 Critical2024-11-13
CVE-2024-10038 WP-Strava <= 2.12.1 - Authenticated (Administrator+) Stored Cross-Site Scripting — WP-Strava 6.1 Medium2024-11-13
CVE-2024-51689 WordPress CF7 WOW Styler plugin <= 1.6.8 - Reflected Cross Site Scripting (XSS) vulnerability — CF7 WOW Styler 7.1 High2024-11-09
CVE-2024-10621 Simple Shortcode for Google Maps <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Simple Shortcode for Google Maps 6.4 Medium2024-11-08
CVE-2024-20504 Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Stored Cross-Site Scripting Vulnerabilities — Cisco Secure Email 5.4 Medium2024-11-06
CVE-2024-9147 HTML Injection in Bna Informatics' PosPratik — PosPratik 6.1AIMediumAI2024-11-04
CVE-2024-50344 I, Librarian has a Stored XSS vulnerability in Supplemental Files — i-librarian-free 4.6 Medium2024-10-30
CVE-2024-9438 SEUR Oficial <= 2.2.11 - Reflected Cross-Site Scripting — SEUR Oficial 6.1 Medium2024-10-29
CVE-2024-20382 Cisco Firepower Threat Defense和Cisco Adaptive Security Appliance 安全漏洞 — Cisco Adaptive Security Appliance (ASA) Software 6.1 Medium2024-10-23
CVE-2024-20341 Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability — Cisco Adaptive Security Appliance (ASA) Software 6.1 Medium2024-10-23
CVE-2024-20460 Cisco ATA 190 Series Analog Telephone Adapter Firmware Reflected Cross-Site Scripting Vulnerability — Cisco Analog Telephone Adaptor (ATA) Software 6.1 Medium2024-10-16

Vulnerabilities classified as CWE-80 (Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)) represent 399 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.