Description
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters that could be interpreted as web-scripting elements when they are sent to an error page.
CVE vulnerabilities with CWE-81 (9)
10.0
CVSS
CRITICAL
CVE-2022-4361
pub. 2023-07-07
8.1
CVSS
HIGH
CVE-2022-4137
pub. 2023-09-25
6.3
CVSS
MEDIUM
CVE-2025-24344
pub. 2025-04-30
6.3
CVSS
MEDIUM
CVE-2024-47064
pub. 2024-09-30
6.1
CVSS
MEDIUM
CVE-2026-41568
pub. 2026-06-12
6.1
CVSS
MEDIUM
CVE-2024-6892
pub. 2024-08-08
6.1
CVSS
MEDIUM
CVE-2019-25027
pub. 2021-04-23
5.9
CVSS
MEDIUM
CVE-2024-47882
pub. 2024-10-24
2.1
CVSS
LOW
CVE-2025-0883
pub. 2025-03-12