Vulnerabilities (CVE)

Filtered by CWE-79
Total 29038 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-3421 1 Eshop Project 1 Eshop 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables.
CVE-2017-1503 1 Ibm 1 Websphere Application Server 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attacker to perform further attacks, such as Web cache poisoning, cross-site scripting, and possibly obtain sensitive information. IBM X-Force ID: 129578.
CVE-2016-6019 1 Ibm 1 Emptoris Strategic Supply Management 2024-02-04 3.5 LOW 5.4 MEDIUM
IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 116739.
CVE-2014-7240 1 Formget 1 Easy Contact Form Solution 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Easy Contact Form Solution plugin before 1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value parameter in a master_response action to wp-admin/admin-ajax.php.
CVE-2017-9507 1 Atlassian 2 Crucible, Fisheye 2024-02-04 3.5 LOW 5.4 MEDIUM
The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the review filter title parameter.
CVE-2016-6810 1 Apache 1 Activemq 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation.
CVE-2017-17893 1 Readymade Video Sharing Script Project 1 Readymade Video Sharing Script 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Readymade Video Sharing Script has XSS via the search_video.php search parameter, the viewsubs.php chnlid parameter, or the user-profile-edit.php fname parameter.
CVE-2015-3162 1 Beaker-project 1 Beaker 2024-02-04 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job.
CVE-2017-11198 1 Finecms Project 1 Finecms 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter.
CVE-2017-1000492 1 Leanote 1 Desktop 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration
CVE-2017-7666 1 Apache 1 Openmeetings 2024-02-04 6.8 MEDIUM 8.8 HIGH
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
CVE-2016-10508 1 Phpthumb Project 1 Phpthumb 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php.
CVE-2017-5085 2 Apple, Google 2 Iphone Os, Chrome 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark.
CVE-2017-9306 1 Syspass 1 Syspass 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.
CVE-2017-7339 1 Fortinet 1 Fortiportal 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.
CVE-2016-10699 1 Dlink 2 Dsl-2740e, Dsl-2740e Firmware 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs.
CVE-2017-12630 1 Apache 1 Drill 2024-02-04 3.5 LOW 5.4 MEDIUM
In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query page, malicious user may obtain this information from Profile page afterwards.
CVE-2017-17093 2 Debian, Wordpress 2 Debian Linux, Wordpress 2024-02-04 3.5 LOW 5.4 MEDIUM
wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language setting of a site.
CVE-2017-14716 1 Telaxius 1 Epesi 2024-02-04 3.5 LOW 5.4 MEDIUM
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter.
CVE-2017-15278 1 Teampass 1 Teampass 2024-02-04 3.5 LOW 5.4 MEDIUM
Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.