CWE-80: CWE-80
Yearly Trend
Top Affected Vendors
All CWE-80 CVEs (132)
An improper input validation vulnerability in Zoom Desktop Client for Windows allows unauthenticated attackers to escalate privileges via network acce...
Aug 8, 2023CVE-2024-52300 is a cross-site scripting (XSS) vulnerability in the macro-pdfviewer component for XWiki that allows attackers to inject malicious scri...
Nov 13, 2024This XWiki vulnerability allows attackers to inject and execute JavaScript code in the context of higher-privileged users by creating edit conflicts. ...
Jul 31, 2024A Cross-Site Scripting (XSS) vulnerability in Checkmk's distributed monitoring allows a compromised remote monitoring site to inject malicious HTML/Ja...
Oct 30, 2025An unauthenticated cross-site scripting (XSS) vulnerability exists in Norman's public API endpoint, allowing attackers to inject and execute malicious...
Oct 16, 2024CVE-2024-23841 is a cross-site scripting vulnerability in the @apollo/experimental-apollo-client-nextjs NPM package that allows attackers to execute a...
Jan 30, 2024This CVE describes a stored cross-site scripting (XSS) vulnerability in HedgeDoc's YAML metadata processing. Attackers with write access to notes can ...
May 19, 2021A reflected cross-site scripting (XSS) vulnerability in Desktop Alert PingAlert versions 6.1.0.11 through 6.1.1.2 allows attackers to inject malicious...
Nov 14, 2025CVE-2021-27915 is a cross-site scripting (XSS) vulnerability in Mautic's description fields that allows authenticated users with appropriate permissio...
Sep 17, 2024This vulnerability allows stored cross-site scripting (XSS) in OpenProject's Cost Report feature via misconfigured tablesorter dependency. Attackers w...
May 23, 2024The NS WooCommerce Watermark WordPress plugin through version 2.11.3 contains a vulnerability that allows unprivileged users to load images from malic...
Apr 11, 2022A reflected cross-site scripting (XSS) vulnerability in Anki's Flask server allows attackers to execute arbitrary JavaScript by tricking users into op...
Jul 22, 2024This vulnerability allows cross-site scripting (XSS) attacks in MediaWiki due to improper handling of the escape character (0x1b) in comment parsing. ...
May 5, 2024This Cross-Site Scripting (XSS) vulnerability in CMSimple v5.15 allows attackers to inject malicious scripts into the Settings menu's Logout parameter...
May 1, 2024This stored XSS vulnerability in YAPI's Advanced Expectation-Response module allows attackers to inject malicious scripts that execute when users view...
Apr 30, 2024This CVE describes a cross-site scripting (XSS) vulnerability in XWiki Platform Filter UI that allows attackers to inject malicious scripts into form ...
May 31, 2022This CVE describes a cross-site scripting (XSS) vulnerability in XWiki Platform's Flamingo Theme UI. Attackers can inject malicious scripts via the 'n...
May 25, 2022This CVE describes an HTML injection vulnerability in a Controller's user interface settings. Attackers can inject malicious HTML to create fake login...
Oct 4, 2023The Cookie Notice & Consent WordPress plugin up to version 1.6.5 has a stored XSS vulnerability in the uuid parameter. Unauthenticated attackers can i...
Oct 9, 2025The Tripetto WordPress plugin (versions up to 8.0.9) has a stored XSS vulnerability in attachment uploads due to insufficient input sanitization. Unau...
Mar 15, 2025The Super Testimonials WordPress plugin has a stored XSS vulnerability in the 'st_user_title' parameter that allows unauthenticated attackers to injec...
Feb 18, 2025WordPress Core has a stored XSS vulnerability in the Avatar block that allows attackers to inject malicious scripts via user display names. Authentica...
May 3, 2024The WP Photo Album Plus WordPress plugin contains a reflected cross-site scripting vulnerability in the 'shortcode' parameter that allows unauthentica...
Jan 7, 2026A reflected cross-site scripting (XSS) vulnerability exists in Astro web framework when using server islands feature. Attackers can inject malicious s...
Nov 19, 2025This Cross-Site Scripting (XSS) vulnerability in the WordPress TableOn plugin allows attackers to inject malicious scripts into web pages. It affects ...
Nov 6, 2025This vulnerability allows attackers to inject malicious scripts into web pages through the Aviplugins Videos WordPress plugin. When exploited, it enab...
Apr 4, 2025This is a reflected cross-site scripting (XSS) vulnerability in the Improve My City WordPress plugin that allows attackers to inject malicious scripts...
Mar 28, 2025An authenticated user in Apache Atlas can inject malicious scripts (XSS) that execute in other users' browsers, potentially allowing impersonation of ...
Feb 13, 2025This vulnerability allows attackers to inject malicious scripts into web pages served by the EU/UK VAT Manager for WooCommerce WordPress plugin. When ...
Oct 20, 2024This vulnerability in Firefox for iOS allows attackers to execute JavaScript on bookmarked AMP pages by manipulating canonical URLs. It affects Firefo...
Feb 22, 2024This vulnerability allows cross-site scripting (XSS) attacks in Kirby CMS Panel's ListItem component. Authenticated Panel users can escalate privilege...
Jul 2, 2021An HTML injection vulnerability in Evolution Consulting's HRmaster module v235 allows attackers to inject malicious HTML tags into the 'keresztnév' (...
Aug 21, 2025This vulnerability allows authenticated users with 'aaConfigTools' privileges to inject malicious scripts into App Objects' help files during configur...
Nov 15, 2025This vulnerability allows authenticated administrators in Bagisto v2.3.7 to upload malicious HTML files containing JavaScript through the TinyMCE imag...
Oct 16, 2025A stored cross-site scripting (XSS) vulnerability in the BIG-IQ Configuration utility allows authenticated administrators to inject malicious JavaScri...
Oct 16, 2024A stored cross-site scripting (XSS) vulnerability in Desktop Alert PingAlert Application Server versions 6.1.0.11 through 6.1.1.2 allows attackers to ...
Nov 14, 2025GLPI versions 9.1.0 through 10.0.18 contain a vulnerability in the planning feature that allows unauthenticated attackers to craft malicious links for...
Jul 30, 2025This vulnerability allows attackers to inject malicious scripts into Cal.com web pages, which execute when other users view those pages. It affects al...
Mar 31, 2025This stored cross-site scripting (XSS) vulnerability in the Better Section Navigation Widget WordPress plugin allows attackers to inject malicious scr...
Mar 28, 2025An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) allows attac...
Mar 13, 2025This stored cross-site scripting (XSS) vulnerability in the Ketchup Shortcodes WordPress plugin allows attackers to inject malicious scripts that exec...
Jan 24, 2025This vulnerability allows attackers to inject malicious scripts into web pages using the Responsive Slick Slider WordPress plugin. When exploited, it ...
Jun 4, 2024The Bold Page Builder WordPress plugin has a stored XSS vulnerability in its 'bt_bb_tabs' shortcode. Authenticated attackers with contributor-level ac...
Feb 7, 2026This vulnerability allows authenticated WordPress users with Contributor-level access or higher to inject malicious scripts into pricing tables via th...
Jan 7, 2026This vulnerability allows authenticated WordPress users with Contributor-level access or higher to inject malicious scripts into web pages using the V...
Nov 18, 2025This vulnerability allows authenticated WordPress users with Contributor-level access or higher to inject malicious JavaScript into website pages via ...
Nov 18, 2025The Chart Expert WordPress plugin has a stored XSS vulnerability in the 'pmzez_chart' shortcode that allows authenticated attackers with contributor-l...
Nov 11, 2025This stored XSS vulnerability in the Ad Inserter WordPress plugin allows authenticated attackers with contributor-level access or higher to inject mal...
Nov 5, 2025The Visual Link Preview WordPress plugin up to version 2.2.7 has a stored XSS vulnerability in its shortcode functionality. Authenticated attackers wi...
Nov 5, 2025This stored XSS vulnerability in the ShopLentor WooCommerce Builder plugin allows authenticated attackers with Contributor access or higher to inject ...
Oct 25, 2025About CWE-80 (CWE-80)
Our database tracks 132 CVEs classified as CWE-80, with 3 rated critical and 29 rated high severity. The average CVSS score for CWE-80 vulnerabilities is 6.1.
External reference: View CWE-80 on MITRE CWE →
Monitor CWE-80 Vulnerabilities
Get alerted when new CWE-80 CVEs affect your infrastructure.
Start Monitoring Free