Vulnerabilities (CVE)

Filtered by CWE-79
Total 29021 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-0962 1 Apple 1 Iphone Os 2024-02-04 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 6.1 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted content that is not properly handled during a copy-and-paste operation.
CVE-2012-6360 1 Ibm 1 Intelligent Operations Center 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations Center 1.5.0 allows remote attackers to inject arbitrary web script or HTML via event data fields.
CVE-2012-2706 2 Drupal, Peter Pokrivcak 2 Drupal, Post Affiliate Pro 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro (PAP) module for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to user registration.
CVE-2012-4268 2 Ait-pro, Wordpress 2 Bulletproof-security, Wordpress 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in bulletproof-security/admin/options.php in the BulletProof Security plugin before .47.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP_ACCEPT_ENCODING header.
CVE-2012-4052 1 Jease 1 Jease 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Jease before 2.9, when creating a comment, allow remote attackers to inject arbitrary web script or HTML via the (1) author, (2) subject, or (3) comment parameter.
CVE-2013-6191 1 Hp 1 Operations Orchestration 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5442 1 Ibm 2 Security Network Protection Firmware, Security Network Protection Xgs 5100 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-5585 2 Drupal, Mixpanel Project 2 Drupal, Mixpanel 2024-02-04 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Mixpanel module 6.x-1.x before 6.x-1.1 in Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web script or HTML via the Maxpanel token.
CVE-2013-4711 1 Accelatech 1 Bizsearch 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on Linux and Solaris allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-5882 1 Yahoo 1 Yui 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.
CVE-2013-4674 1 Symantec 2 Encryption Management Server, Pgp Universal Server 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.
CVE-2012-4612 1 Emc 2 Rsa Data Protection Manager Appliance, Rsa Data Protection Manager Software Server 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6395 1 Ganglia 1 Ganglia-web 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.
CVE-2014-1232 2 Foliovision, Wordpress 2 Foliopress Wysiwyg, Wordpress 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4231 1 Jcore 1 Jcore 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.
CVE-2012-2914 1 Unijimpe 1 Captcha 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2013-5943 1 Graphite Project 1 Graphite 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Graphite before 0.9.11 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-3279 1 Hp 1 Network Node Manager I 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4842 1 Hp 2 Integrated Lights-out, Integrated Lights-out Firmware 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2573 1 Tdah 1 T-day Webmail 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail 3.2.0-2.3 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE attribute of an arbitrary element, (4) an ONLOAD attribute of a BODY element, (5) a crafted SRC attribute of an IFRAME element, (6) a crafted CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (7) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.