Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 28752 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0675 1 Bgsvetionik 1 Bgs Cms 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action. NOTE: some of these details are obtained from third party information.
CVE-2010-0349 1 C-3.co.jp 1 Webcalenderc3 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: this issue could not be reproduced by the vendor, but a patch was provided anyway. The original researcher is reliable.
CVE-2010-3077 1 Horde 1 Horde Application Framework 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter.
CVE-2011-1537 1 Hp 1 Proliant Support Pack 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack (PSP) before 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2292 1 D-link 1 Di-604 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field.
CVE-2011-3983 1 Kent-web 1 Web Forum 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to cookies.
CVE-2011-3243 1 Apple 2 Iphone Os, Safari 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows.
CVE-2011-3390 1 Ibm 2 Informix, Openadmin Tool 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in IBM OpenAdmin Tool (OAT) before 2.72 for Informix allow remote attackers to inject arbitrary web script or HTML via the (1) informixserver, (2) host, or (3) port parameter in a login action.
CVE-2009-4706 2 Sebastian Winterhalder, Typo3 2 Mailform, Typo3 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2969 1 Moinmo 1 Moinmoin 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487.
CVE-2010-2150 1 Fujitsu 1 E-pares 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4699 1 Skadate 1 Skadate Online Dating Software 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php.
CVE-2011-0740 2 Pleer, Wordpress 2 Rss Feed Reader, Wordpress 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.
CVE-2010-2509 1 2daybiz 1 Web Template Software 2024-02-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.
CVE-2012-0586 1 Apple 1 Iphone Os 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0587, CVE-2012-0588, and CVE-2012-0589.
CVE-2009-4568 1 Webmin 2 Usermin, Webmin 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4685 1 Phpscriptsnow 1 Astrology 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scripts Now Astrology allows remote attackers to inject arbitrary web script or HTML via the day parameter.
CVE-2010-1395 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving DOM constructor objects, related to a "scope management issue."
CVE-2010-4071 1 Otrs 1 Otrs 2024-02-04 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail.
CVE-2010-4748 1 Pmwiki 1 Pmwiki 2024-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information.