CWE-80: CWE-80
Yearly Trend
Top Affected Vendors
All CWE-80 CVEs (132)
This Cross-Site Scripting (XSS) vulnerability in Everest Forms WordPress plugin allows attackers to inject malicious scripts into web pages. It affect...
Feb 19, 2026This Cross-Site Scripting (XSS) vulnerability in the DeepDigital WordPress theme allows attackers to inject malicious scripts into web pages. It affec...
Jan 22, 2026This is a cross-site scripting (XSS) vulnerability in the Norebro Extra WordPress plugin that allows attackers to inject malicious scripts into web pa...
Dec 16, 2025This vulnerability allows attackers to inject malicious scripts into web pages using the Contact Form 7 Dynamic Text Extension WordPress plugin. When ...
Dec 9, 2025This Cross-Site Scripting (XSS) vulnerability in the XStore WordPress theme allows attackers to inject malicious scripts into web pages. It affects al...
Sep 26, 2025This vulnerability allows attackers to inject malicious scripts into web pages using the Cozy Blocks WordPress plugin. It affects all WordPress sites ...
Sep 22, 2025This Cross-Site Scripting (XSS) vulnerability in the AWP Classifieds WordPress plugin allows attackers to inject malicious scripts into web pages. It ...
Sep 22, 2025A HTML injection vulnerability in PHPGurukul User Registration & Login and User Management System V3.3 allows remote attackers to inject arbitrary HTM...
Mar 13, 2025This vulnerability allows attackers to inject malicious scripts into web forms created with the ARForms Form Builder WordPress plugin. When exploited,...
Dec 9, 2024This vulnerability allows attackers to inject malicious HTML/JavaScript code into Spectra WordPress plugin pages through unauthenticated email input. ...
Jun 3, 2024This vulnerability allows attackers to inject malicious scripts into web pages using the CP Polls WordPress plugin. When exploited, it can lead to cro...
May 17, 2024This vulnerability allows HTML injection through JetBrains IntelliJ IDEA's Remote Development feature, enabling attackers to inject malicious HTML con...
Aug 20, 2025This Cross-Site Scripting (XSS) vulnerability in spacewalk-java allows attackers to inject malicious JavaScript into web pages. When exploited, it can...
May 27, 2025This CVE describes a basic cross-site scripting (XSS) vulnerability in spacewalk-java that allows attackers to inject and execute arbitrary JavaScript...
May 26, 2025An authenticated cross-site scripting (XSS) vulnerability in Cisco ISE and ISE-PIC web management interfaces allows attackers with administrative cred...
Jan 15, 2026IBM Aspera Shares versions 1.9.0 through 1.10.0 PL6 are vulnerable to HTML injection, allowing attackers to inject malicious HTML that executes in vic...
Feb 5, 2025This vulnerability allows authenticated users with Global Settings permissions to inject malicious HTML/JavaScript into the Crash Report URL field, cr...
Jun 25, 2024This vulnerability allows attackers to inject malicious scripts into WP Recipe Maker web pages through improper HTML tag neutralization. It affects Wo...
Oct 27, 2025This CSRF vulnerability in WordPress Automatic Plugin allows attackers to trick administrators into performing unauthorized actions, potentially injec...
Aug 26, 2025HCL Unica MaxAI Assistant has a HTML injection vulnerability where attackers can inject malicious HTML/JavaScript that executes in users' browsers. Th...
Oct 12, 2025HCL MyXalytics v6.6 has an HTML injection vulnerability where untrusted input isn't properly sanitized before being included in web output. This allow...
Oct 3, 2025The Key Figures WordPress plugin has a stored XSS vulnerability that allows administrators to inject malicious scripts into pages. When users visit co...
Jan 7, 2026The Amazon affiliate lite WordPress plugin has a stored XSS vulnerability in admin settings that allows authenticated administrators to inject malicio...
Dec 20, 2025OctoPrint versions 1.11.3 and below contain a cross-site scripting (XSS) vulnerability in Action Command notifications and prompts. An attacker can cr...
Nov 7, 2025This CVE describes a cross-site scripting (XSS) vulnerability in the Textmetrics WordPress plugin that allows attackers to inject malicious scripts in...
Jan 23, 2026This vulnerability allows attackers to inject malicious HTML/JavaScript into Tutor LMS web pages through improper input sanitization. It affects all W...
Apr 10, 2025This vulnerability allows attackers to inject malicious scripts into wpForo Forum WordPress plugin pages through improper HTML tag neutralization. It ...
Dec 9, 2024This vulnerability in EZ-Suite EZ-Partner 5 allows attackers to inject malicious scripts via the Forgot Password Handler component, leading to basic c...
Jun 20, 2024CVE-2024-34398 is a stored HTML injection vulnerability in BMC Remedy Mid Tier 7.6.04 that allows authenticated attackers to inject malicious HTML con...
Mar 12, 2025ERPNext versions through 15.88.1 fail to sanitize HTML <a> tags in plain text fields, allowing attackers to inject clickable links into generated PDF ...
Feb 3, 2026SAP BusinessObjects Business Intelligence Platform (Web Intelligence) has an HTML injection vulnerability that allows authenticated users to inject ma...
Jul 8, 2025OpenProject versions before 16.6.7 and 17.0.3 contain an HTML injection vulnerability in the time tracking function. An attacker with administrator pr...
Feb 6, 2026About CWE-80 (CWE-80)
Our database tracks 132 CVEs classified as CWE-80, with 3 rated critical and 29 rated high severity. The average CVSS score for CWE-80 vulnerabilities is 6.1.
External reference: View CWE-80 on MITRE CWE →
Monitor CWE-80 Vulnerabilities
Get alerted when new CWE-80 CVEs affect your infrastructure.
Start Monitoring Free