Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 28758 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2947 1 Bizagi 1 Business Process Management Suite 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter.
CVE-2015-2195 1 Wp Media Cleaner Project 1 Wp Media Cleaner 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3) s parameter in the wp-media-cleaner page to wp-admin/upload.php.
CVE-2015-1444 1 Fli4l 1 Fli4l 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allow remote attackers to inject arbitrary web script or HTML via the (1) conntrack.cgi, (2) index.cgi, (3) log_syslog.cgi, (4) problems.cgi, (5) status.cgi, (6) status_network.cgi, or (7) status_system.cgi script in admin/.
CVE-2014-2336 1 Fortinet 2 Fortianalyzer Firmware, Fortimanager 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface in Fortinet FortiManager before 5.0.7 and FortiAnalyzer before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-2334 and CVE-2014-2335.
CVE-2014-2260 1 Ajenti 1 Ajenti 2024-02-04 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.
CVE-2012-5504 1 Plone 1 Plone 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1630 1 Microsoft 1 Exchange Server 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Audit Report Cross Site Scripting Vulnerability."
CVE-2014-3846 1 Flyingcart 1 Flying Cart 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Flying Cart allows remote attackers to inject arbitrary web script or HTML via the p parameter to index.php.
CVE-2014-3786 1 Lucidcrew 1 Pixie 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemail or (2) subject parameter in the Contact form to contact/.
CVE-2014-8247 1 Broadcom 1 Release Automation 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0910 1 Dounokouno 1 Transmitmail 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to inject arbitrary web script or HTML via a crafted filename.
CVE-2014-4735 1 Mywebsql 1 Mywebsql 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter to index.php.
CVE-2014-1914 1 Doug Poulin 1 Command School Student Management System 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/add_topic.php or (2) nick parameter to sw/chat/message.php.
CVE-2015-0703 1 Cisco 1 Unified Meetingplace 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857.
CVE-2014-0814 1 Phpmyfaq 1 Phpmyfaq 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-5417 1 Meinberg 8 Lantime M100, Lantime M200, Lantime M300 and 5 more 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0901 1 Flashy Project 1 Flashy 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the duwasai flashy theme 1.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-6131 1 Roundup-tracker 1 Roundup 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
CVE-2015-1653 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
CVE-2015-2241 1 Djangoproject 1 Django 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.