Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 37843 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-6726 1 Ibm 1 Tririga Application Platform 2025-04-12 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-2888 1 Ibm 1 Jazz Reporting Service 2025-04-12 4.3 MEDIUM 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350.
CVE-2016-6641 1 Emc 1 Vipr Srm 2025-04-12 3.5 LOW 7.6 HIGH
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5276 1 Pro Chat Rooms 1 Text Chat Rooms 2025-04-12 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.
CVE-2014-3764 1 Paloaltonetworks 1 Pan-os 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web-based device management interface in Palo Alto Networks PAN-OS before 5.0.15, 5.1.x before 5.1.10, and 6.0.x before 6.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Ref ID 64563.
CVE-2015-2931 1 Mediawiki 1 Mediawiki 2025-04-12 4.3 MEDIUM N/A
Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI.
CVE-2016-0712 1 Apache 1 Jetspeed 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.
CVE-2014-5417 1 Meinberg 8 Lantime M100, Lantime M200, Lantime M300 and 5 more 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4538 1 Malware Finder Plugin Project 1 Malware Finder 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in process.php in the Malware Finder plugin 1.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2015-2932 1 Mediawiki 1 Mediawiki 2025-04-12 4.3 MEDIUM N/A
Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element.
CVE-2016-1000133 1 Designsandcode 1 Forget About Shortcode Buttons 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
CVE-2015-0896 1 Extplorer 1 Extplorer 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5008 1 Ibm 1 Websphere Commerce 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-8379 1 Marketo Ma Project 1 Marketo Ma 2025-04-12 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to field titles to the (1) Webform or (2) User sub-modules.
CVE-2015-0105 1 Ibm 1 Business Process Manager 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-2125 1 Cisco 1 Unity Connection 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui33028.
CVE-2016-4552 1 Roundcube 1 Webmail 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.
CVE-2016-2228 3 Debian, Fedoraproject, Horde 4 Debian Linux, Fedora, Groupware and 1 more 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to xplorer/gollem/manager.php.
CVE-2015-6529 1 Phpipam 1 Phpipam 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip parameter to site/tools/searchResults.php.
CVE-2014-2057 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.