CWE-83 · Improper Neutralization of Script in Attributes in a Web Page
16 CVEs classified under CWE-83 (Improper Neutralization of Script in Attributes in a Web Page).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-58746 | Critical | 9.1 | 2025-09-08 | The Volkov Labs Business Links panel for Grafana provides an interface to navigate using external links, internal dashboards, time pickers, and dropdown menus… |
| CVE-2023-37908 | Critical | 9.1 | 2023-10-25 | XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML render… |
| CVE-2023-32070 | Critical | 9.1 | 2023-05-10 | XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cros… |
| CVE-2024-52595 | High | 7.7 | 2024-11-19 | lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.0, the HTML Parser in lxml does not properly… |
| CVE-2024-9103 | Medium | 6.1 | 2025-03-24 | Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security (Blocked Messages module) allows Stored XSS. This issu… |
| CVE-2026-8245 | Medium | 5.4 | 2026-05-21 | Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds paginatio… |
| CVE-2022-39262 | Medium | 5.2 | 2022-11-03 | GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrator can define rich-text conte… |
| CVE-2023-30958 | Medium | 4.7 | 2023-08-03 | A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defe… |
| CVE-2025-27145 | Low | 3.6 | 2025-02-25 | copyparty, a portable file server, has a DOM-based cross-site scripting vulnerability in versions prior to 1.16.15. The vulnerability is considered low-risk. B… |
| CVE-2020-14525 | Low | 3.5 | 2020-09-18 | Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed… |
| CVE-2026-23516 | | | 2026-01-21 | CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitr… |
| CVE-2026-22849 | | | 2026-01-21 | Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor was allowing users to modify rich text… |
| CVE-2025-11682 | | | 2025-10-27 | Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to exe… |
| CVE-2025-4615 | | | 2025-10-09 | An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrato… |
| CVE-2025-0137 | | | 2025-05-14 | An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated rea… |
| CVE-2025-0125 | | | 2025-04-11 | An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a malicious authenticated rea… |