CWE-87— Improper Neutralization of Alternate XSS Syntax
The product does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.— MITRE CWE catalog
52 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-87page 2 of 2
- CVE-2026-55237HIGHCVSS 8.8EG 8.82026-06-18
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions prior to 0.6.62 have a DOM-based Cross-Site Scripting (XSS) vulnerability in AutoGPT's signup page. The app…
- CVE-2026-55661MEDIUMCVSS 4.8EG 4.82026-06-18
Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing …
Map vulnerabilities like CWE-87 to your infrastructure
EchelonGraph correlates every CVE — across CWE-87 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →