CWE-80 · Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
553 CVEs classified under CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-66481 | Critical | 9.6 | 2025-12-09 | DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sani… |
CVE-2024-39363 | Critical | 9.6 | 2025-01-14 | A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially craft… |
CVE-2024-34070 | Critical | 9.6 | 2024-05-14 | Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Log… |
CVE-2023-39216 | Critical | 9.6 | 2023-08-08 | Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network a… |
CVE-2022-29168 | Critical | 9.6 | 2022-06-25 | Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in t… |
CVE-2019-13923 | Critical | 9.6 | 2019-09-13 | A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could… |
CVE-2023-44393 | Critical | 9.3 | 2023-10-09 | Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the` /admin.php?pa… |
CVE-2026-32891 | Critical | 9.0 | 2026-03-20 | Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. Versions 1.4.1 and below contai… |
CVE-2025-54117 | Critical | 9.0 | 2025-08-18 | NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows… |
CVE-2025-53835 | Critical | 9.0 | 2025-07-14 | XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting… |
CVE-2024-52300 | Critical | 9.0 | 2024-11-13 | macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any… |
CVE-2024-41947 | Critical | 9.0 | 2024-07-31 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rig… |
CVE-2023-35153 | Critical | 9.0 | 2023-06-23 | XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerabili… |
CVE-2020-2503 | Critical | 9.0 | 2020-12-24 | If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed thes… |
CVE-2024-37166 | High | 8.9 | 2024-06-10 | ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross… |
CVE-2023-29508 | High | 8.9 | 2023-04-16 | XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Li… |
CVE-2022-36097 | High | 8.9 | 2022-09-08 | XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Starting with version 14.0-r… |
CVE-2022-36096 | High | 8.9 | 2022-09-08 | The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior… |
CVE-2022-36094 | High | 8.9 | 2022-09-08 | XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 a… |
CVE-2026-6002 | High | 8.8 | 2026-05-07 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross… |