CWE-85— Doubled Character XSS Manipulations
The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters.— MITRE CWE catalog
2 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-85page 1 of 1
- CVE-2022-41676MEDIUMCVSS 5.4EG 5.42022-11-29
Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflect…
- CVE-2024-13721MEDIUMCVSS 6.4EG 6.42025-01-25
The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This …
Map vulnerabilities like CWE-85 to your infrastructure
EchelonGraph correlates every CVE — across CWE-85 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →