Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 38229 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-2287 1 Xzeres 2 442sr, 442sr Os 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3548 1 Moodle 1 Moodle 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.
CVE-2014-5108 2 Concrete5, Concretecms 2 Concrete5, Concrete Cms 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.
CVE-2015-4174 1 Siemens 1 Climatix Bacnet\/ip 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-2571 1 Moodle 1 Moodle 2025-04-12 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question.
CVE-2013-6301 1 Ibm 1 Algo One 2025-04-12 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6320, and CVE-2013-6333.
CVE-2015-0072 1 Microsoft 1 Internet Explorer 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)."
CVE-2015-6353 1 Cisco 1 Firesight System Software 2025-04-12 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922.
CVE-2016-0925 1 Emc 1 Rsa Adaptive Authentication On-premise 2025-04-12 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-2011 1 Hp 1 Network Node Manager I 2025-04-12 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010.
CVE-2016-2081 1 Vmware 1 Vrealize Log Insight 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1197 1 Cybozu 1 Garoon 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7775.
CVE-2014-4166 1 Shoutcast 1 Dnas 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field.
CVE-2016-7282 1 Microsoft 2 Edge, Internet Explorer 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
CVE-2014-0571 1 Adobe 1 Coldfusion 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7, 10 before Update 14, and 11 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3438 1 Symantec 1 Endpoint Protection Manager 2025-04-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5235 1 Open-xchange 1 Open-xchange Appsuite 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite before 7.4.2-rev33 and 7.6.x before 7.6.0-rev16 allows remote attackers to inject arbitrary web script or HTML via vectors related to unspecified fields in RSS feeds.
CVE-2016-0892 1 Emc 1 Rsa Data Loss Prevention 2025-04-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1988 1 Ibm 2 Tivoli Storage Flashcopy Manager, Tivoli Storage Manager For Virtual Environments 2025-04-12 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware 6.3 before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 and Tivoli Storage FlashCopy Manager for VMware 3.1 before 3.1.1.3, 3.2 before 3.2.0.6, and 4.1 before 4.1.3.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-2332 1 Mybb 1 Mybb 2025-04-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.