Flaws of type CWE-80
551 results

CVE-2025-8029 | HIGH | javascript: URLs executed on object and embed tags | EPSS 0.3%
CVE-2019-18944 | MEDIUM | Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS. | EPSS 0.3%
CVE-2026-25578 | MEDIUM | Navidrome is vulnerable to XSS via comment from song metadata | EPSS 0.3%
CVE-2026-33080 | HIGH | Filament: Unvalidated Range and Values summarizer values can be used for XSS | EPSS 0.3%
CVE-2024-13497 | HIGH | WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto <= 8.0.9 - Unauthenticated Stored Cross-Site Scripting | EPSS 0.3%
CVE-2025-57928 | MEDIUM | WordPress AWP Classifieds plugin <= 4.4.3 - Content Injection vulnerability | EPSS 0.3%
CVE-2024-35112 | MEDIUM | IBM Control Center cross-site scripting | EPSS 0.3%
CVE-2024-37156 | MEDIUM | TokenController formName not sanitized in hidden input | EPSS 0.3%
CVE-2026-22469 | MEDIUM | WordPress DeepDigital theme <= 1.0.2 - Arbitrary Shortcode Execution vulnerability | EPSS 0.3%
CVE-2023-47869 | MEDIUM | WordPress wpForo plugin <= 2.2.5 - Broken Access Control + CSRF vulnerability | EPSS 0.3%
CVE-2023-45053 | MEDIUM | WordPress WP Content Pilot plugin <= 1.3.3 - HTML Injection vulnerability | EPSS 0.3%
CVE-2025-39524 | MEDIUM | WordPress Html5 Audio Player plugin <= 2.2.28 - Cross Site Scripting (XSS) Vulnerability | EPSS 0.3%
CVE-2023-46310 | MEDIUM | WordPress wpDiscuz plugin <= 7.6.10 - Content Injection vulnerability | EPSS 0.3%
CVE-2024-5741 | MEDIUM | XSS in inventory view | EPSS 0.3%
CVE-2023-23735 | MEDIUM | WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email HTML Injection Vulnerability | EPSS 0.3%
CVE-2026-43938 | HIGH | YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header | EPSS 0.3%
CVE-2024-42195 | LOW | HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection | EPSS 0.3%
CVE-2026-40872 | CRITICAL | mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field | EPSS 0.3%
CVE-2025-23392 | MEDIUM | Reflected XSS in SystemsController.java in spacewalk-java | EPSS 0.3%
CVE-2025-0276 | MEDIUM | HCL BigFix Modern Client Management (MCM) is affected by an insecure Content Security Policy (CSP) | EPSS 0.3%