Vulnerabilities (CVE)

Filtered by CWE-79
Total 28595 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4608 1 Canon-its 1 Accessguardian 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ACCESSGUARDIAN 3.0.14 and earlier, and 3.5.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to authentication.
CVE-2009-4681 1 Phpdirectorysource 1 Phpdirectorysource 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.
CVE-2011-4680 1 Vtiger 1 Vtiger Crm 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1330 1 Kbs 1 Weblygo 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4170 1 Gnome 1 Empathy 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.
CVE-2010-4828 1 Solarwinds 1 Orion Network Performance Monitor 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds Orion Network Performance Monitor (NPM) 10.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to MapView.aspx; NetObject parameter to (2) NodeDetails.aspx and (3) InterfaceDetails.aspx; and the (4) ChartName parameter to CustomChart.aspx.
CVE-2009-4859 1 Onlinetechtools.com 1 Owos Lite 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp.
CVE-2010-5027 1 Sfiab 1 Science Fair In A Box 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in winners.php in Science Fair In A Box (SFIAB) 2.0.6 and 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: some of these details are obtained from third party information.
CVE-2011-0048 1 Mozilla 1 Bugzilla 2024-02-04 4.3 MEDIUM N/A
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 creates a clickable link for a (1) javascript: or (2) data: URI in the URL (aka bug_file_loc) field, which allows remote attackers to conduct cross-site scripting (XSS) attacks against logged-out users via a crafted URI.
CVE-2011-2931 1 Rubyonrails 2 Rails, Ruby On Rails 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the strip_tags helper in actionpack/lib/action_controller/vendor/html-scanner/html/node.rb in Ruby on Rails before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a tag with an invalid name.
CVE-2011-1395 1 Ibm 2 Maximo Asset Management, Maximo Asset Management Essentials 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter.
CVE-2011-2609 1 Opera 1 Opera Browser 2024-02-04 4.3 MEDIUM N/A
Opera before 11.50 does not properly restrict data: URIs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
CVE-2009-3742 1 Liferay 1 Liferay Portal 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3.0 allows remote attackers to inject arbitrary web script or HTML via the p_p_id parameter.
CVE-2010-4985 1 Mykazaam 1 Notes Management System 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in notes.php in My Kazaam Notes Management System allows remote attackers to inject arbitrary web script or HTML via vectors involving the "Enter Reference Number Below" text box.
CVE-2011-4764 1 Parallels 1 Parallels Plesk Small Business Panel 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Wizard/Edit/Modules/Image and certain other files.
CVE-2010-4949 2 Evnix, Joomla 3 Freichat, Freichatpure, Joomla\! 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window.
CVE-2009-4347 1 Liran Tal 1 Daloradius 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in daloradius-users/login.php in daloRADIUS 0.9-8 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2010-2001 2 Drupal, Ninjitsuweb 2 Drupal, Civiregister 2024-02-04 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2011-1105 1 Mutare 1 Evm 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mutare EVM allow remote attackers to inject arbitrary web script or HTML via (1) a delivery address and possibly (2) a PIN.
CVE-2010-2778 1 Novell 1 Groupwise 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to a "Javascript XSS exploit."