CWE-84 is a common weakness enumeration in software security. This database tracks 14 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-84?

There are 14 CVE vulnerabilities classified as CWE-84 with an average CVSS score of 5.6071428571429.

What is the severity distribution for CWE-84?

CWE-84 contains 0 critical, 1 high, 12 medium, and 1 low severity vulnerabilities.

CWE-84

Total CVEs

Vulnerabilities

Avg CVSS v3

5.6

Medium

Avg CVSS v2

4.3

Medium

Latest CVE

2025

Most Recent

Severity Distribution

Critical 0

High 1

7.1%

Medium 12

85.7%

Low 1

7.1%

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (14)

Page 1 of 1

CVE-2022-40181

HIGH

CVSS:8.3(High)

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo PXM30.E (All versions < V02.20.126.11-41), Desigo PXM40-1 (All versions < V02.20.126.11-41), Desigo PXM4...

CWE-842022

CVE-2024-45045

MEDIUM

CVSS:6.1(Medium)

Collabora Online is a collaborative online office suite based on LibreOffice technology. In the mobile (Android/iOS) device variants of Collabora Online it was possible to inject JavaScript via url en...

CWE-842024

CVE-2021-3824

MEDIUM

CVSS:6.1(Medium)

OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.

CWE-842021

CVE-2020-7011

MEDIUM

CVSS:6.1(Medium)

Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be ...

CWE-842020

CVE-2025-25334

MEDIUM

CVSS:5.5(Medium)

An issue in Suning Commerce Group Suning EMall iOS 9.5.198 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025

CVE-2025-25331

MEDIUM

CVSS:5.5(Medium)

An issue in Beitatong Technology LianJia iOS 9.83.50 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025

CVE-2025-25330

MEDIUM

CVSS:5.5(Medium)

An issue in Boohee Technology Boohee Health iOS 13.0.13 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025

CVE-2025-25329

MEDIUM

CVSS:5.5(Medium)

An issue in Tencent Technology (Beijing) Company Limited Tencent MicroVision iOS 8.137.0 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025

CVE-2025-25326

MEDIUM

CVSS:5.5(Medium)

An issue in Merchants Union Consumer Finance Company Limited Merchants Union Finance iOS 6.19.0 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025

CVE-2025-25325

MEDIUM

CVSS:5.5(Medium)

An issue in Yibin Fengguan Network Technology Co., Ltd YuPao DirectHire iOS 8.8.0 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025

CVE-2025-25324

MEDIUM

CVSS:5.5(Medium)

An issue in Shandong Provincial Big Data Center AiShanDong iOS 5.0.0 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025

CVE-2025-25323

MEDIUM

CVSS:5.5(Medium)

An issue in Qianjin Network Information Technology (Shanghai) Co., Ltd 51Job iOS 14.22.0 allows attackers to access sensitive user information via supplying a crafted link.

CWE-842025

CVE-2023-30959

MEDIUM

CVSS:5.4(Medium)

In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction.

CWE-842023

CVE-2024-42184

LOW

CVSS:2.5(Low)

BigFix Patch Download Plug-ins are affected by insecure support for file URI scheme. It could allow a malicious operator to attempt to download files using the file:// URI scheme.

CWE-842024