Vulnerabilities (CVE)

Filtered by CWE-79
Total 37573 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-4587 1 The Seasar Foundation 1 Escafeweb 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Easy Software Cafeteria escafeWeb (aka Tuigwaa) 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the setting of option.nopage.create in tuigwaa.properties.
CVE-2007-6696 1 Webcalendar 1 Webcalendar 2025-04-09 2.1 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) an event description, (2) the query string to pref.php, and (3) the adv parameter to search.php. NOTE: vector 1 requires user authentication.
CVE-2009-0532 1 Scripts-for-sites 1 Ez Baby 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in password.php in Scripts For Sites (SFS) EZ Baby allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6570 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
CVE-2009-1310 1 Mozilla 1 Firefox 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the MozSearch plugin implementation in Mozilla Firefox before 3.0.9 allows user-assisted remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SearchForm element.
CVE-2008-4802 1 Simple Php Scripts 1 Blog 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP Scripts blog 0.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6162 1 Wsdeluxe 1 Fmdeluxe 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a category action.
CVE-2009-2221 1 Php.s3 1 Php-i-board 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3105 1 Ibm 1 Domino Web Access 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC.
CVE-2009-0354 1 Mozilla 1 Firefox 2025-04-09 2.6 LOW N/A
Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x before 3.0.6 allows remote attackers to bypass the Same Origin Policy, and access the properties of an arbitrary window and conduct cross-site scripting (XSS) attacks, via vectors involving a chrome XBL method and the window.eval function.
CVE-2009-2228 1 Kasseler-cms 1 Kasseler Cms 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action.
CVE-2009-4388 2 Frank Krger, Typo3 2 Nl Listman, Typo3 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) extension 1.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3789 1 Opendocman 1 Opendocman 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the last_message parameter to (1) add.php, (2) toBePublished.php, (3) index.php, and (4) admin.php; the PATH_INFO to the default URI to (5) category.php, (6) department.php, (7) profile.php, (8) rejects.php, (9) search.php, (10) toBePublished.php, (11) user.php, and (12) view_file.php; and (13) the caller parameter in a Modify User action to user.php.
CVE-2009-3513 1 Pilotgroup 1 Pg Etraining 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php.
CVE-2007-6307 1 Jfree 1 Jfreechart 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header.
CVE-2008-1499 1 Cpanel 1 Cpanel 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2008-5717 1 Hitachi 1 Jp1 Integrated Management Service Support 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated Management - Service Support 08-10 through 08-10-05, 08-11 through 08-11-03, and 08-50 through 08-50-03 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-5728 1 Phppgadmin 1 Phppgadmin 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
CVE-2009-4052 1 Ibm 2 Rational Application Developer For Websphere, Rational Software Architect 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet.
CVE-2008-6700 1 Butterflymedia 1 Butterfly Organizer 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php.