CWE-80 · Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

553 CVEs classified under CWE-80 (Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)).

Top CVEs for CWE-80
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-66481 | Critical | 9.6 | 2025-12-09 | DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sani… |
| CVE-2024-39363 | Critical | 9.6 | 2025-01-14 | A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially craft… |
| CVE-2024-34070 | Critical | 9.6 | 2024-05-14 | Froxlor is open source server administration software. Prior to 2.1.9, a Stored Blind Cross-Site Scripting (XSS) vulnerability was identified in the Failed Log… |
| CVE-2023-39216 | Critical | 9.6 | 2023-08-08 | Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network a… |
| CVE-2022-29168 | Critical | 9.6 | 2022-06-25 | Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in t… |
| CVE-2019-13923 | Critical | 9.6 | 2019-09-13 | A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The integrated configuration web server of the affected device could… |
| CVE-2023-44393 | Critical | 9.3 | 2023-10-09 | Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the /admin.php?pa… |
| CVE-2026-32891 | Critical | 9.0 | 2026-03-20 | Anchorr is a Discord bot for requesting movies and TV shows and receiving notifications when items are added to a media server. Versions 1.4.1 and below contai… |
| CVE-2025-54117 | Critical | 9.0 | 2025-08-18 | NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Cross-site scripting (XSS) vulnerability in NamelessMC before 2.2.3 allows… |
| CVE-2025-53835 | Critical | 9.0 | 2025-07-14 | XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc) into another syntax (XHTML, etc). Starting… |
| CVE-2024-52300 | Critical | 9.0 | 2024-11-13 | macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any… |
| CVE-2024-41947 | Critical | 9.0 | 2024-07-31 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rig… |
| CVE-2023-35153 | Critical | 9.0 | 2023-06-23 | XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerabili… |
| CVE-2020-2503 | Critical | 9.0 | 2020-12-24 | If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed thes… |
| CVE-2024-37166 | High | 8.9 | 2024-06-10 | ghtml is software that uses tagged templates for template engine functionality. It is possible to introduce user-controlled JavaScript code and trigger a Cross… |
| CVE-2023-29508 | High | 8.9 | 2023-04-16 | XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Li… |
| CVE-2022-36097 | High | 8.9 | 2022-09-08 | XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Starting with version 14.0-r… |
| CVE-2022-36096 | High | 8.9 | 2022-09-08 | The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior… |
| CVE-2022-36094 | High | 8.9 | 2022-09-08 | XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 a… |
| CVE-2026-6002 | High | 8.8 | 2026-05-07 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross… |