CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Description
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-18 · CAPEC-193 · CAPEC-32 · CAPEC-86
CVEs mapped to this weakness (275)
page 5 of 14| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-55291 | Hig | 0.39 | 7.1 | 0.00 | Aug 18, 2025 | Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the tag to be prematurely closed, leading to a reflected Cross-Site Scripting (XSS) vulnerability. This… | ||
| CVE-2024-8981 | Hig | 0.39 | 7.1 | 0.00 | Oct 1, 2024 | The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0. This makes it possible… | ||
| CVE-2026-55692 | hig | 0.38 | — | — | Jun 19, 2026 | ### Summary With $wgEmbedVideoRequireConsent enabled (the default), the urls for videos are stored in a json-ified data attribute`data-mw-iframeconfig`. When given a malformed url or id, the data-mw-iframeconfig attribute can be escaped via single quotes, allowing for… | ||
| CVE-2026-55691 | hig | 0.38 | — | — | Jun 19, 2026 | ### Summary The user supplied class value is fed directly into the sprintf call that creates HTML. You can add a quote to escape the class and then inject arbitrary html/javascript to the final output. ### Details The template [here](https://github.com/StarCitizenWiki/mediawiki-… | ||
| CVE-2026-55690 | hig | 0.38 | — | — | Jun 19, 2026 | ### Summary When passing an unknown service name to embedvideo, an error message is rendered containing the invalid service name. The service name is not sanitized and can contain HTML. ### Details There is a hardcoded list of allowed services in a switch statement inside… | ||
| CVE-2025-31575 | Med | 0.38 | 5.9 | 0.00 | Mar 31, 2025 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vasilis Triantafyllou Flag Icons language-icons-flags-switcher allows Stored XSS.This issue affects Flag Icons: from n/a through <= 2.2. | ||
| CVE-2021-47948 | Med | 0.35 | 5.4 | 0.00 | May 10, 2026 | WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text… | ||
| CVE-2026-39837 | Med | 0.35 | 5.4 | 0.00 | Apr 7, 2026 | Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7. | ||
| CVE-2026-1834 | Med | 0.35 | 6.4 | 0.00 | Mar 31, 2026 | The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This… | ||
| CVE-2025-45160 | Med | 0.35 | 5.4 | 0.00 | Jan 29, 2026 | A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject… | ||
| CVE-2025-69169 | Med | 0.35 | 5.4 | 0.00 | Jan 8, 2026 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through <= 1.1.11. | ||
| CVE-2025-11874 | Med | 0.35 | 5.4 | 0.00 | Nov 11, 2025 | The Slippy Slider – Responsive Touch Navigation Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slippy-slider' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user… | ||
| CVE-2025-11987 | Med | 0.35 | 6.4 | 0.00 | Nov 5, 2025 | The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… | ||
| CVE-2025-20342 | Med | 0.35 | 5.4 | 0.00 | Aug 27, 2025 | A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the… | ||
| CVE-2025-54698 | Med | 0.35 | 5.4 | 0.00 | Aug 14, 2025 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing classified-listing allows Code Injection.This issue affects Classified Listing: from n/a through <= 5.0.0. | ||
| CVE-2025-20331 | Med | 0.35 | 5.4 | 0.00 | Aug 6, 2025 | A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by… | ||
| CVE-2025-23919 | Med | 0.35 | 5.4 | 0.01 | Jan 16, 2025 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ella Van Durpe Slides & Presentations slide allows Code Injection.This issue affects Slides & Presentations: from n/a through <= 0.0.39. | ||
| CVE-2024-27716 | Med | 0.35 | 5.4 | 0.00 | Jul 5, 2024 | Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields. | ||
| CVE-2023-47513 | Med | 0.35 | 5.4 | 0.00 | Jun 4, 2024 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in ARI Soft ARI Stream Quiz allows Code Injection.This issue affects ARI Stream Quiz: from n/a through 1.3.2. | ||
| CVE-2023-45635 | Med | 0.35 | 5.4 | 0.00 | Jun 4, 2024 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Darko Responsive Tabs allows Code Injection.This issue affects Responsive Tabs: from n/a before 4.0.6. |
- risk 0.39cvss 7.1epss 0.00
Shaarli is a minimalist bookmark manager and link sharing service. Prior to 0.15.0, the input string in the cloud tag page is not properly sanitized. This allows the tag to be prematurely closed, leading to a reflected Cross-Site Scripting (XSS) vulnerability. This…
- risk 0.39cvss 7.1epss 0.00
The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in /app/admin-notices/features/class-view.php without appropriate escaping on the URL in all versions up to, and including, 2.4.0. This makes it possible…
- risk 0.38cvss —epss —
### Summary With $wgEmbedVideoRequireConsent enabled (the default), the urls for videos are stored in a json-ified data attribute`data-mw-iframeconfig`. When given a malformed url or id, the data-mw-iframeconfig attribute can be escaped via single quotes, allowing for…
- risk 0.38cvss —epss —
### Summary The user supplied class value is fed directly into the sprintf call that creates HTML. You can add a quote to escape the class and then inject arbitrary html/javascript to the final output. ### Details The template [here](https://github.com/StarCitizenWiki/mediawiki-…
- risk 0.38cvss —epss —
### Summary When passing an unknown service name to embedvideo, an error message is rendered containing the invalid service name. The service name is not sanitized and can contain HTML. ### Details There is a hardcoded list of allowed services in a switch statement inside…
- risk 0.38cvss 5.9epss 0.00
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vasilis Triantafyllou Flag Icons language-icons-flags-switcher allows Stored XSS.This issue affects Flag Icons: from n/a through <= 2.2.
- risk 0.35cvss 5.4epss 0.00
WordPress GetPaid Plugin 2.4.6 contains an HTML injection vulnerability that allows authenticated attackers to inject arbitrary HTML code by exploiting the Help Text field in payment forms. Attackers can inject malicious HTML including image tags and scripts into the Help Text…
- risk 0.35cvss 5.4epss 0.00
Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7.
- risk 0.35cvss 6.4epss 0.00
The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ive' shortcode in all versions up to, and including, 1.2.5.7 due to insufficient input sanitization and output escaping on user supplied attributes. This…
- risk 0.35cvss 5.4epss 0.00
A HTML injection vulnerability exists in the file upload functionality of Cacti <= 1.2.29. When a file with an invalid format is uploaded, the application reflects the submitted filename back into an error popup without proper sanitization. As a result, attackers can inject…
- risk 0.35cvss 5.4epss 0.00
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Noor Alam Easy Media Download easy-media-download allows Reflection Injection.This issue affects Easy Media Download: from n/a through <= 1.1.11.
- risk 0.35cvss 5.4epss 0.00
The Slippy Slider – Responsive Touch Navigation Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slippy-slider' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user…
- risk 0.35cvss 6.4epss 0.00
The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's visual-link-preview shortcode in versions up to, and including, 2.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…
- risk 0.35cvss 5.4epss 0.00
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the…
- risk 0.35cvss 5.4epss 0.00
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in RadiusTheme Classified Listing classified-listing allows Code Injection.This issue affects Classified Listing: from n/a through <= 5.0.0.
- risk 0.35cvss 5.4epss 0.00
A vulnerability in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by…
- risk 0.35cvss 5.4epss 0.01
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ella Van Durpe Slides & Presentations slide allows Code Injection.This issue affects Slides & Presentations: from n/a through <= 0.0.39.
- risk 0.35cvss 5.4epss 0.00
Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields.
- risk 0.35cvss 5.4epss 0.00
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in ARI Soft ARI Stream Quiz allows Code Injection.This issue affects ARI Stream Quiz: from n/a through 1.3.2.
- risk 0.35cvss 5.4epss 0.00
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Darko Responsive Tabs allows Code Injection.This issue affects Responsive Tabs: from n/a before 4.0.6.