Vulnerabilities (CVE)

Filtered by CWE-79
Total 37098 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-9229 1 Imagely 1 Nextgen Gallery 2025-04-20 3.5 LOW 4.8 MEDIUM
In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.
CVE-2016-1217 1 Cybozu 1 Garoon 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.
CVE-2017-7723 1 Wp-ecommerce 1 Easy Wp Smtp 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body.
CVE-2017-9623 1 Epesi 1 Epesi 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data.
CVE-2017-5833 1 Revive-adserver 1 Revive Adserver 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2017-5003 2 Emc, Rsa 3 Rsa Identity Governance And Lifecycle, Rsa Identity Management And Governance, Rsa Via Lifecycle And Governance 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7.0 (all patch levels); and RSA Identity Management and Governance (IMG) version 6.9.1 (all patch levels) have Reflected Cross Site Scripting vulnerabilities that could potentially be exploited by malicious users to compromise an affected system.
CVE-2016-4880 1 Basercms 1 Basercms 2025-04-20 3.5 LOW 5.4 MEDIUM
Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-2284 1 Code-atlantic 1 Popup Maker 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-11296 1 Adobe 1 Experience Manager 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. A cross-site scripting vulnerability in Apache Sling Servlets Post 2.3.20 has been resolved in Adobe Experience Manager.
CVE-2017-9419 1 Webhammer 1 Wp Custom Fields Search 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter.
CVE-2017-5876 1 Dotcms 1 Dotcms 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack against the /news-events/events date parameter.
CVE-2017-11744 1 Modx 1 Modx Revolution 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module.
CVE-2017-2194 1 Ipa 1 Icodechecker 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Source code security studying tool iCodeChecker allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-9371 1 Moxa 51 Nport 5100 Series Firmware, Nport 5100a Series Firmware, Nport 5110 and 48 more 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPort 5600 Series versions prior to 3.7, NPort 5100A Series & NPort P5150A versions prior to 1.3, NPort 5200A Series versions prior to 1.3, NPort 5150AI-M12 Series versions prior to 1.2, NPort 5250AI-M12 Series versions prior to 1.2, NPort 5450AI-M12 Series versions prior to 1.2, NPort 5600-8-DT Series versions prior to 2.4, NPort 5600-8-DTL Series versions prior to 2.4, NPort 6x50 Series versions prior to 1.13.11, NPort IA5450A versions prior to v1.4. User-controlled input is not neutralized before being output to web page (CROSS-SITE SCRIPTING).
CVE-2017-1098 1 Ibm 1 Emptoris Supplier Lifecycle Management 2025-04-20 3.5 LOW 5.4 MEDIUM
IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120658.
CVE-2017-2164 1 N-i-agroinformatics 1 Soy Cms 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-7562 1 Teampass 1 Teampass 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
CVE-2015-4721 1 Concretecms 1 Concrete Cms 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1.
CVE-2017-5584 1 Paloaltonetworks 1 Pan-os 2025-04-20 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-8232 1 Ibm 3 Advanced Management Module, Advanced Management Module Firmware, Bladecenter 2025-04-20 4.3 MEDIUM 6.1 MEDIUM
Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information.