Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 28962 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-4959 1 Ibm 1 Tivoli Federated Identity Manager 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-1919 1 Ibm 1 Security Qradar Incident Forensics 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM Security QRadar Incident Forensics before 7.2.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-2081 1 Vmware 1 Vrealize Log Insight 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-3056 1 Ibm 1 Business Process Manager 2024-02-04 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users to inject arbitrary web script or HTML via crafted content.
CVE-2016-6365 1 Cisco 1 Firepower Management Center 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518.
CVE-2015-6751 1 Time Tracker Project 1 Time Tracker 2024-02-04 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to categorize time tracker entries.
CVE-2016-1300 1 Cisco 1 Unity Connection 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582.
CVE-2015-7232 1 Structured Dynamics 1 Open Semantic Framework 2024-02-04 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-5002 1 Ibm 1 Host On-demand 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 through 11.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-7728 1 Sap 1 Hana 2024-02-04 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary web script or HTML via the username, aka SAP Security Note 2153898.
CVE-2015-6672 1 Citrix 2 Netscaler Application Delivery Controller Firmware, Netscaler Gateway Firmware 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-3781 1 Apple 1 Mac Os X 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered during a Quick Look search.
CVE-2015-1917 1 Ibm 1 Websphere Portal 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-6508 1 Netgate 1 Pfsense 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php.
CVE-2016-1310 1 Cisco 1 Unity Connection 2024-02-04 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 11.5(0.199) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy09033.
CVE-2015-5500 1 Navigate Project 1 Navigate 2024-02-04 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-4294 1 Cisco 1 Unified Communications Manager Im And Presence Service 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages incomplete filtering of HTML elements, aka Bug ID CSCut41766.
CVE-2015-6372 1 Cisco 1 Firepower Extensible Operating System 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux10614.
CVE-2015-5733 1 Wordpress 1 Wordpress 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.
CVE-2015-8603 1 S9y 1 Serendipity 2024-02-04 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action to serendipity_admin.php.