CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)) — Vulnerability Class 399

399 vulnerabilities classified as CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-58412 | Fortinet FortiADC security vulnerability — FortiADC | 4.2 | Medium | 2025-11-19 |
| CVE-2025-11267 | VK All in One Expansion Unit <= 9.112.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — VK All in One Expansion Unit | 6.4 | Medium | 2025-11-18 |
| CVE-2025-11265 | VK All in One Expansion Unit <= 9.112.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — VK All in One Expansion Unit | 6.4 | Medium | 2025-11-18 |
| CVE-2025-8386 | AVEVA Application Server IDE Basic Cross-site Scripting — Application Server | 6.9 | Medium | 2025-11-14 |
| CVE-2025-13180 | Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System edit_profile cross site scripting — Wholesale Inventory Control and Inventory Management System | 3.5 | Low | 2025-11-14 |
| CVE-2025-13178 | Bdtask/CodeCanyon SalesERP User Profile edit_profile cross site scripting — SalesERP | 3.5 | Low | 2025-11-14 |
| CVE-2025-12753 | Chart Expert <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — Chart Expert | 6.4 | Medium | 2025-11-11 |
| CVE-2025-11874 | Slippy Slider – Responsive Touch Navigation Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting — Slippy Slider – Responsive Touch Navigation Slider | 5.4 | Medium | 2025-11-11 |
| CVE-2025-64187 | OctoPrint is vulnerable to XSS through Action Command Notifications and Prompts — OctoPrint | 6.1 | - | 2025-11-07 |
| CVE-2025-33110 | IBM OpenPages Vulnerable to HTML Injection — OpenPages | 5.4 | Medium | 2025-11-06 |
| CVE-2025-60244 | WordPress TableOn plugin <= 1.0.5.1 - Content Injection vulnerability — TableOn | 6.1 | - | 2025-11-06 |
| CVE-2025-49398 | WordPress Easy Appointments plugin <= 3.12.14 - Content Injection vulnerability — Easy Appointments | 6.5 | Medium | 2025-11-06 |
| CVE-2025-11745 | Ad Inserter <= 2.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Custom Field — Ad Inserter – Ad Manager & AdSense Ads | 6.4 | Medium | 2025-11-05 |
| CVE-2025-11987 | Visual Link Preview <= 2.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via visual-link-preview Shortcode — Visual Link Preview | 6.4 | Medium | 2025-11-05 |
| CVE-2025-48884 | Galette is vulnerable to XSS through Document Type — galette | 6.1 (AI) | Medium (AI) | 2025-11-04 |
| CVE-2025-53883 | spacewalk-java has various XSS issues on search page — Container suse manager 5.0 | 6.1 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2025-39663 | Cross Site Scripting through compromised remote site — Checkmk | 6.1 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2025-36121 | HTML Injection Vulnerability in a Specific URL Endpoint of the IBM OpenPages Application — OpenPages | 5.4 | Medium | 2025-10-27 |
| CVE-2025-62936 | WordPress xSmart theme <= 1.2.9.4 - Content Injection vulnerability — xSmart | 4.3 | Medium | 2025-10-27 |
| CVE-2025-62897 | WordPress WP Recipe Maker plugin < 10.1.0 - Content Injection vulnerability — WP Recipe Maker | 5.3 | Medium | 2025-10-27 |
| CVE-2025-11823 | ShopLentor – WooCommerce Builder for Elementor & Gutenberg +21 Modules – All in One Solution <= 3.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode — ShopLentor – All-in-One WooCommerce Growth & Store Enhancement Plugin | 6.4 | Medium | 2025-10-25 |
| CVE-2025-11992 | Multi Item Responsive Slider <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — Multi Item Responsive Slider | 6.1 | Medium | 2025-10-24 |
| CVE-2025-58970 | WordPress Doctreat theme <= 1.6.7 - Content Injection vulnerability — Doctreat | 6.3 | Medium | 2025-10-22 |
| CVE-2025-62415 | bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (HTML) — bagisto | 6.9 | Medium | 2025-10-16 |
| CVE-2025-62418 | bagisto - Cross Site Scripting (XSS) in TinyMCE Image Upload (SVG) — bagisto | 6.9 | Medium | 2025-10-16 |
| CVE-2025-62414 | bagisto - Cross Site Scripting (XSS) in Create New Customer — bagisto | 6.9 | Medium | 2025-10-16 |
| CVE-2025-11160 | WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via Custom JS Module — WPBakery Page Builder | 6.4 | Medium | 2025-10-15 |
| CVE-2025-11161 | WPBakery Page Builder <= 8.6.1 - Stored Cross-Site Scripting via vc_custom_heading Shortcode — WPBakery Page Builder | 6.4 | Medium | 2025-10-15 |
| CVE-2025-62172 | Home Assistant vulnerable to Stored XSS in Energy dashboard from Energy Entity Name — core | 5.4 (AI) | Medium (AI) | 2025-10-14 |
| CVE-2025-31992 | HCL MaxAI Assistant is susceptible to a HTML injection vulnerability — MaxAI Assistant | 4.6 | Medium | 2025-10-12 |

Vulnerabilities classified as CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)) account for 399 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.