"The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as <, >, and & that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages." - Entry from the Common Weakness Enumeration
For more info visit <a href="https://cwe.mitre.org/data/definitions/80.html" target="_blank" rel="noopener noreferrer">CWE-80</a>
The Vulnerability History Project