Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 28620 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-5587 1 Bestpractical 1 Rt 2024-02-04 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.
CVE-2012-2331 1 S9y 1 Serendipity 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in serendipity/serendipity_admin_image_selector.php in Serendipity before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the serendipity[textarea] parameter. NOTE: this issue might be resultant from cross-site request forgery (CSRF).
CVE-2013-7250 1 Projectforge 1 Projectforge 2024-02-04 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java.
CVE-2012-4745 1 The Collective 1 Acuity Cms 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
CVE-2011-4956 1 Wordpress 1 Wordpress 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-3870 1 Openconstructor Project 1 Openconstructor 2024-02-04 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or (2) description parameter.
CVE-2013-4117 2 Anshul Sharma, Wordpress 2 Category-grid-view-gallery, Wordpress 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
CVE-2010-5097 1 Typo3 1 Typo3 2024-02-04 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2960 1 Hp 4 Arcsight Connector Appliance, Arcsight Connector Appliance Firmware, Arcsight Logger Appliance and 1 more 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file.
CVE-2012-5295 2 Fusetalk, Fusetalk. 2 Fusetalk, Fusetalk 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.
CVE-2012-2298 2 Drupal, Nancy Wichmann 3 Drupal, Realname, Realname 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."
CVE-2012-2582 1 Otrs 2 Otrs, Otrs Itsm 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.
CVE-2012-5229 1 Wordpress 2 Slideshow Gallery2, Wordpress 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter.
CVE-2013-4749 2 Typo3, Usertask Center Messaging Project 2 Typo3, Usertask Center Messaging 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-7076 1 Typo3 1 Typo3 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-0709 1 Bayashi 1 Dopvstar\* 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in dopvSTAR* 0091 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled during display of the access log.
CVE-2012-3840 1 Myclientbase 1 Myclientbase 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters.
CVE-2012-1982 1 Socialcms 1 Socialcms 2024-02-04 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in my_admin/admin1_list_pages.php in SocialCMS 1.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the TR_title parameter in an edit action.
CVE-2012-4819 1 Ibm 2 Infosphere Business Glossary, Infosphere Information Server 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in InfoSphere Business Glossary 8.1.1 and 8.1.2, InfoSphere DataStage Operation Console, InfoSphere Administration, and Reporting and Repository Management Web Console in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6808 1 Zend 1 Zendto 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.