CVEs classified under CWE-83, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2023-32070 — CVSS 9.0 (critical): XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute…
CVE-2024-26283 — CVSS 7.8 (high): An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom…
CVE-2025-4615 — CVSS 7.2 (high): An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an…
CVE-2025-0125: An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a…
CVE-2026-53841 — CVSS 6.1 (medium): OpenClaw before 2026.5.12 contains a cross-site scripting vulnerability in exported session HTML that preserves unsafe javascript: and…
CVE-2024-9103 — CVSS 6.1 (medium): Improper Neutralization of Script in Attributes in a Web Page vulnerability in Forcepoint Email Security (Blocked Messages module) allows…
CVE-2026-45669 — CVSS 5.4 (medium): Nuxt is an open-source web development framework for Vue.js. From versions 3.4.3 to before 3.21.6 and 4.0.0-alpha.1 to before 4.4.6…
CVE-2026-8245 — CVSS 5.4 (medium): Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Paginati…
CVE-2026-48591: Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via…
CVE-2025-0137: An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables a…
CVE-2020-14525 — CVSS 3.5 (low): Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input…