Weaknesses of type CWE-80
543 resultsCVE-2020-13562CRITICALA cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbEPSS 77.7%CVE-2022-21145CRITICALA stored cross-site scripting vulnerability exists in the WebUserActions.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-cEPSS 77.2%CVE-2020-13965MEDIUMAn issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/EPSS 76.6%KEVCVE-2020-13564CRITICALA cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbEPSS 75.9%CVE-2020-13563CRITICALA cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbEPSS 75.9%CVE-2024-4439HIGHWordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar block in various versions up to 6.5.2 due tEPSS 70.8%CVE-2022-36094HIGHXWiki Platform Web Parent POM vulnerable to XSS in the attachment historyEPSS 64.1%CVE-2025-30676MEDIUMApache OFBiz: Stored XSS VulnerabilityEPSS 59.5%CVE-2022-36096HIGHXWiki Platform vulnerable to Cross-site Scripting in the deleted attachments listEPSS 59.5%CVE-2022-36097HIGHXWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment formEPSS 57.4%CVE-2024-39363CRITICALA cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505EPSS 48.1%CVE-2024-57004MEDIUMCross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an emailEPSS 27.8%CVE-2024-32484HIGHAn reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flasEPSS 24.4%CVE-2018-19953MEDIUMIf exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issuEPSS 23.9%KEVCVE-2018-19943HIGHIf exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these isEPSS 17.7%KEVCVE-2024-37732HIGHCross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute arbitrary code via a crafted .pdf file.EPSS 16.0%CVE-2025-30161HIGHOpenEMR Stored XSS in OpenEMR Bronchitis FormEPSS 6.3%CVE-2025-4278HIGHImproper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLabEPSS 6.1%CVE-2016-9500—The Accellion FTP server prior to version FTA_9_12_220 is vulnerable to informaiton exposureEPSS 5.4%CVE-2021-39348MEDIUMLearnPress – WordPress LMS Plugin <= 4.1.3.1 Authenticated Stored Cross-Site ScriptingEPSS 5.0%