Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 38270 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0331 2 Stefan Tannhaeuser, Typo3 2 Tv21 Talkshow, Typo3 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the TV21 Talkshow (tv21_talkshow) extension 1.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4844 1 Ibm 1 Lotus Domino 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web server in IBM Lotus Domino 8.5.x through 8.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-3843 1 E107 1 E107 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the registration page in e107, probably 1.0.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6229 1 Atmail 1 Atmail 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or (2) mailId[] parameter to index.php/mail/mail/movetofolder/fromFolder/INBOX/toFolder/INBOX.Trash. NOTE: the view attachment message process vector is already covered by CVE-2013-2585.
CVE-2013-2309 1 Tejimaya 1 Openpne 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the management screen in OpenPNE 3.4.x before 3.4.21.1, 3.6.x before 3.6.9.1, and 3.8.x before 3.8.5.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the "mobile version color scheme."
CVE-2011-0604 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0587.
CVE-2013-0672 1 Siemens 1 Wincc Tia Portal 2025-04-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data.
CVE-2010-5027 1 Sfiab 1 Science Fair In A Box 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: some of these details are obtained from third party information.
CVE-2011-2650 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display.
CVE-2010-2144 1 Zeeways 1 Ebay Clone Auction Script 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.
CVE-2011-0909 1 Vanillaforums 1 Vanilla 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Vanilla Forums before 2.0.17.6 allows remote attackers to inject arbitrary web script or HTML via the p parameter to an unspecified component, a different vulnerability than CVE-2011-0526.
CVE-2012-4939 1 Solarwinds 2 Ip Address Manager Web Interface, Orion Network Performance Monitor 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in the IPAM web interface before 3.0-HotFix1 in SolarWinds Orion Network Performance Monitor might allow remote attackers to inject arbitrary web script or HTML via the "Search for an IP address" field.
CVE-2010-0700 1 Wampserver 1 Wampserver 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2010-2001 2 Drupal, Ninjitsuweb 2 Drupal, Civiregister 2025-04-11 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2013-0244 1 Drupal 1 Drupal 2025-04-11 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements.
CVE-2013-4713 1 Iodata 2 Rockdisk, Rockdisk Firmware 2025-04-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1105 1 Mutare 1 Evm 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mutare EVM allow remote attackers to inject arbitrary web script or HTML via (1) a delivery address and possibly (2) a PIN.
CVE-2010-1382 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote authenticated users to inject arbitrary web script or HTML via crafted Wiki content, related to lack of a charset field.
CVE-2011-4155 1 Hp 1 Network Node Manager I 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4156.
CVE-2012-5666 1 Owncloud 1 Owncloud Server 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js in ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to apps/bookmark/index.php.