CWE-83 (Web页面属性中脚本转义处理不恰当) — Vulnerability Class 12

12 vulnerabilities classified as CWE-83 (Web页面属性中脚本转义处理不恰当). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-23516	CVAT vulnerable to XSS via skeleton SVG images — cvat	6.5^AI	Medium^AI	2026-01-21
CVE-2026-22849	Saleor lacks proper HTML sanitization in rich text fields — saleor	5.4^AI	Medium^AI	2026-01-21
CVE-2025-4615	PAN-OS: Improper Neutralization of Input in the Management Web Interface — Cloud NGFW	7.2^AI	High^AI	2025-10-09
CVE-2025-0137	PAN-OS: Improper Neutralization of Input in the Management Web Interface — Cloud NGFW	7.2^AI	High^AI	2025-05-14
CVE-2025-0125	PAN-OS: Improper Neutralization of Input in the Management Web Interface — Cloud NGFW	7.2^AI	High^AI	2025-04-11
CVE-2024-9103	Persistent XSS in blocked messages — Email Security	6.1	Medium	2025-03-24
CVE-2025-27145	copyparty renders unsanitized filenames as HTML when user uploads empty files — copyparty	3.6	Low	2025-02-25
CVE-2023-37908	org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability — xwiki-rendering	9.1	Critical	2023-10-25
CVE-2023-30958	DOM XSS in Developer mode dashboard via redirect GET parameter — com.palantir.foundry:foundry-frontend	4.7	Medium	2023-08-03
CVE-2023-32070	Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers — xwiki-rendering	9.1	Critical	2023-05-10
CVE-2022-39262	Stored Cross-Site Scripting (XSS) on login page in GLPI — glpi	5.2	Medium	2022-11-03
CVE-2020-14525	Philips Clinical Collaboration Platform Improper Neutralization of Script in Attributes in a Web Page — Clinical Collaboration Platform	3.5	Low	2020-09-18

Vulnerabilities classified as CWE-83 (Web页面属性中脚本转义处理不恰当) represent 12 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-83 (Web页面属性中脚本转义处理不恰当) — Vulnerability Class 12