CWE · MITRE source
CWE-83Improper Neutralization of Script in Attributes in a Web Page
The product does not neutralize or incorrectly neutralizes "javascript:" or other URIs from dangerous attributes within tags, such as onmouseover, onload, onerror, or style.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2023-32070 | 2.1 | 9.0 | 0.0466 | 2023-05-10 |
CVE-2023-37908 | 1.9 | 9.0 | 0.0146 | 2023-10-25 |
CVE-2025-58746 | 1.8 | 9.0 | 0.0004 | 2025-09-08 |
CVE-2024-26283 | 1.6 | 7.8 | 0.0013 | 2024-02-22 |
CVE-2024-52595 | 1.6 | 7.7 | 0.0050 | 2024-11-19 |
CVE-2025-4615 | 1.4 | 7.2 | 0.0006 | 2025-10-09 |
CVE-2024-9103 | 1.2 | 6.1 | 0.0016 | 2025-03-24 |
CVE-2025-67163 | 1.2 | 6.1 | 0.0012 | 2025-12-18 |
CVE-2022-39262 | 1.1 | 5.2 | 0.0033 | 2022-11-03 |
CVE-2026-23516 | 1.1 | 5.4 | 0.0004 | 2026-01-21 |
CVE-2023-30958 | 1.0 | 4.7 | 0.0020 | 2023-08-03 |
CVE-2026-22849 | 1.0 | 4.8 | 0.0005 | 2026-01-21 |
CVE-2020-14525 | 0.7 | 3.5 | 0.0008 | 2020-09-18 |
CVE-2025-27145 | 0.7 | 3.6 | 0.0030 | 2025-02-25 |
CVE-2025-0125 | 0.0 | 0.0 | 0.0054 | 2025-04-11 |
CVE-2025-0137 | 0.0 | 0.0 | 0.0037 | 2025-05-14 |
CVE-2025-11682 | 0.0 | 0.0 | 0.0001 | 2025-10-27 |