CWE-81— Improper Neutralization of Script in an Error Message Web Page
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters that could be interpreted as web-scripting elements when they are sent to an error page.— MITRE CWE catalog
9 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-81page 1 of 1
- CVE-2019-25027MEDIUMCVSS 6.1EG 6.12021-04-23
Missing output sanitization in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.10 (Vaadin 10.0.0 through 10.0.13), and 1.1.0 through 1.4.2 (Vaadin 11.0.0 through 13.0.5) allows attacker to execute malic…
- CVE-2022-4137HIGHCVSS 8.1EG 8.12023-09-25
A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a …
- CVE-2022-4361CRITICALCVSS 10.0EG 10.02023-07-07
Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionCo…
- CVE-2024-47064MEDIUMCVSS 6.1EG 6.12024-09-30
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL, they can initiate any API calls on th…
- CVE-2024-47882MEDIUMCVSS 5.9EG 5.92024-10-24
OpenRefine is a free, open source tool for working with messy data. Prior to version 3.8.3, the built-in "Something went wrong!" error page includes the exception message and exception traceback without escaping HTML tags, enabling injecti…
- CVE-2024-6892MEDIUMCVSS 6.1EG 6.12024-08-08
Attackers can craft a malicious link that once clicked will execute arbitrary JavaScript in the context of the Journyx web application.
- CVE-2025-0883LOWCVSS 2.1EG 2.12025-03-12
Improper Neutralization of Script in an Error Message Web Page vulnerability in OpenText™ Service Manager. The vulnerability could reveal sensitive information retained by the browser. This issue affects Service Manager: 9.70, 9.71, …
- CVE-2025-24344MEDIUMCVSS 6.3EG 6.32025-04-30
A vulnerability in the error notification messages of the web application of ctrlX OS allows a remote unauthenticated attacker to inject arbitrary HTML tags and, possibly, execute arbitrary client-side code in the context of another user's…
- CVE-2026-41568MEDIUMCVSS 6.1EG 6.12026-05-18
Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious…
Map vulnerabilities like CWE-81 to your infrastructure
EchelonGraph correlates every CVE — across CWE-81 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →