CWE-87: Improper Neutralization of Alternate XSS Syntax
low-riskThe product does not neutralize or incorrectly neutralizes user-controlled input for alternate script syntax.
Abstraction: Variant
Common Consequences
Confidentiality
→
Read Application Data
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2023-35161 | 9.6 | 15.6% | — |
| CVE-2023-35156 | 9.6 | 12.1% | — |
| CVE-2023-35160 | 9.6 | 12.1% | — |
| CVE-2023-35158 | 9.6 | 11.2% | — |
| CVE-2023-35159 | 9.6 | 5.1% | — |
| CVE-2024-3519 | 6.1 | 2.0% | — |
| CVE-2022-36033 | 6.1 | 1.6% | — |
| CVE-2020-5298 | 4.0 | 0.8% | — |
| CVE-2024-43381 | 5.0 | 0.7% | — |
| CVE-2024-25640 | 4.6 | 0.5% | — |
7
/ 100
low-risk
Active Threat
7/50 · Minimal
Exploit Availability
0/50 · Minimal