By weakness (CWE)
CWE-80: related vulnerabilities
CVEs classified under CWE-80. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
2 published vulnerabilities
- CVE-2026-34033MEDIUM 5.4
Apache Answer contains a cross-site scripting (XSS) vulnerability in its notification email system. When authenticated users include content in certain fields, that content reaches other users' inboxes without proper HTML escaping, potentially allowing injection of malicious scripts. An attacker with valid credentials could craft messages designed to execute code when recipients open their emails or click embedded links. This affects Apache Answer versions through 2.0.0.
- CVE-2026-11511LOW 3.5
Bolt CMS versions up to 3.7.5 contain a vulnerability in how it handles HTML attributes within text fields. An authenticated attacker can manipulate the 'style' argument to inject arbitrary HTML code, potentially affecting the visual presentation or behavior of a web page. The vulnerability requires user interaction (a user must view the injected content) and authentication, limiting its immediate risk. However, because Bolt CMS is no longer actively maintained, affected organizations should plan transitions away from this platform.