Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 38275 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-0740 2 Pleer, Wordpress 2 Rss Feed Reader, Wordpress 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.
CVE-2010-4841 1 Manageengine 1 Eventlog Analyzer 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do. Fixed in Build 9000.
CVE-2011-2710 1 Joomla 1 Joomla\! 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5.
CVE-2012-4938 1 Patterninsight 1 Pattern Insight 2025-04-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the web interface in Pattern Insight 2.3 allows remote authenticated administrators to inject arbitrary web script or HTML via the banner message.
CVE-2011-1395 1 Ibm 2 Maximo Asset Management, Maximo Asset Management Essentials 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter.
CVE-2013-4888 1 Springsignage 1 Xibo 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page.
CVE-2009-4853 2 Foswiki, Jumpbox 2 Foswiki, Jumpbox 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before 1.1.2 for Foswiki Wiki System allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4975 1 Nokia 1 Qtdemobrowser 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536.
CVE-2011-4910 1 Joomla 1 Joomla\! 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2012-1293 1 Ulli Horlacher 1 Fex 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters.
CVE-2013-1955 1 Nashtech 1 Easy Php Calendar 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1414 1 Tibco 2 Tibbr, Tibbr Service 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the tibbr web server, as used in TIBCO tibbr 1.0.0 through 1.5.0 and tibbr Service 1.0.0 through 1.5.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-0702 1 Cybozu 1 Garoon 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 through 3.5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0590 1 Apple 1 Iphone Os 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.
CVE-2013-2372 1 Tibco 1 Spotfire Web Player 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-3841 1 Wpsymposiumpro 1 Wp Symposium 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in uploadify/get_profile_avatar.php in the WP Symposium plugin before 11.12.08 for WordPress allows remote attackers to inject arbitrary web script or HTML via the uid parameter.
CVE-2013-0538 1 Ibm 1 Lotus Notes 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49.
CVE-2012-3393 1 Moodle 1 Moodle 2025-04-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository.
CVE-2012-1046 1 Ibm 1 Cognos Tm1 2025-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696.
CVE-2011-5150 1 Spamtitan 1 Spamtitan 2025-04-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.