Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-80 (Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)) — Vulnerability Class 399

399 vulnerabilities classified as CWE-80 (Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-10496 Cookie Notice & Consent <= 1.6.5 - Unauthenticated Stored Cross-Site Scripting — Cookie Notice & Consent 7.2 High2025-10-09
CVE-2025-52654 HCL MyXalytics is affected by an HTML Injection — HCL MyXalytics 4.6 Medium2025-10-03
CVE-2025-11241 Yoast SEO Premium 25.7-25.9 - Authenticated (Contributor+) Stored Cross-Site Scripting — Yoast SEO Premium 6.4 Medium2025-10-03
CVE-2025-58054 Discourse is vulnerable to XSS when quoting chat messages — discourse 3.5 Low2025-10-01
CVE-2025-10128 Eulerpool Research Systems <= 4.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting — Eulerpool Research Systems 6.4 Medium2025-09-30
CVE-2025-60100 WordPress XStore theme < 9.6 - Content Injection vulnerability — XStore 5.3 Medium2025-09-26
CVE-2025-59573 WordPress Cozy Blocks Plugin <= 2.1.29 - Content Injection Vulnerability — Cozy Blocks 5.3 Medium2025-09-22
CVE-2025-57928 WordPress AWP Classifieds plugin <= 4.4.3 - Content Injection vulnerability — AWP Classifieds 5.3 Medium2025-09-22
CVE-2025-10125 Memberlite Shortcodes <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — Memberlite Shortcodes 6.4 Medium2025-09-17
CVE-2025-58430 listmonk Vulnerable to CSRF to XSS Chain That Can Lead to Admin Account Takeover — listmonk 9.1AICriticalAI2025-09-09
CVE-2025-20342 Cisco Integrated Management Controller Virtual Keyboard Video Monitor (vKVM) Stored Cross-Site Scripting Vulnerability — Cisco Unified Computing System (Managed) 5.4 Medium2025-08-27
CVE-2025-6247 WordPress Automatic Plugin - AI content generator and auto poster plugin <= 3.118.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting — WordPress Automatic Plugin 4.7 Medium2025-08-26
CVE-2025-57730 JetBrains IntelliJ IDEA 安全漏洞 — IntelliJ IDEA 5.2 Medium2025-08-20
CVE-2025-55291 Shaarli allows reflected XSS via searchtags parameter — Shaarli 7.1 High2025-08-18
CVE-2025-54117 NamelessMC allows Stored Cross-Site Scripting (XSS) in dashboard text editor — Nameless 9.1 Critical2025-08-18
CVE-2025-55672 Apache Superset: Stored XSS on charts metadata — Apache Superset 5.4AIMediumAI2025-08-14
CVE-2025-54698 WordPress Classified Listing Plugin plugin <= 5.0.0 - Content Injection Vulnerability — Classified Listing 5.4 Medium2025-08-14
CVE-2025-8621 Mosaic Generator <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'c' Parameter — Mosaic Generator 6.4 Medium2025-08-12
CVE-2025-20331 Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabiliy — Cisco Identity Services Engine Software 5.4 Medium2025-08-06
CVE-2025-54789 Files is Vulnerable to Reflected Self-XSS through its File Move Functionality — cfiles 5.4 -2025-08-01
CVE-2025-52897 GLPI is vulnerable to XSS and open redirection attacks through planning feature — glpi 6.5 Medium2025-07-30
CVE-2025-27514 GLPI is susceptible to Stored XSS attack through project's kanban — glpi 4.5 Medium2025-07-29
CVE-2024-49343 IBM Informix Dynamic Server HTML injection — Informix Dynamic Server 5.4 Medium2025-07-28
CVE-2025-54414 Anubis accepts crafted redirect URLs in pass-challenge 'Try Again' buttons — anubis 7.1 -2025-07-26
CVE-2025-31326 HTML Injection vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence) — SAP BusinessObjects Business Intelligence Platform (Web Intelligence) 4.1 Medium2025-07-08
CVE-2025-27358 WordPress Frontend File Manager plugin <= 23.6 - Content Injection vulnerability — Frontend File Manager 4.6 Medium2025-07-04
CVE-2025-2895 IBM Cloud Pak System HTML injection — Cloud Pak System 5.4 Medium2025-06-30
CVE-2023-38007 IBM Cloud Pak System HTML injection — Cloud Pak System 5.4 Medium2025-06-27
CVE-2025-4367 Download Manager <= 3.3.18 - Authenticated (Author+) Stored Cross-site Scripting via wpdm_user_dashboard Shortcode — Download Manager 6.4 Medium2025-06-19
CVE-2025-4278 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab — GitLab 8.7 High2025-06-12

Vulnerabilities classified as CWE-80 (Web页面中脚本相关HTML标签转义处理不恰当(基本跨站脚本)) represent 399 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.