Filtered by CWE-79
Total 45560 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2012-2569 1 Synametrics 1 Xeams 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email.
CVE-2014-3830 1 Tomatocart 1 Tomatocart 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers to inject arbitrary web script or HTML via the faqs_id parameter.
CVE-2012-2413 1 Joomla 1 Joomla\! 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php.
CVE-2014-3876 1 Ulli Horlacher 1 Fex 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc.
CVE-2014-3897 1 Homepage Decorator Perlmailer Project 1 Homepage Decorator Perlmailer 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3900 1 Piwigo 1 Piwigo 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in admin/picture_modify.php in the photo-edit subsystem in Piwigo 2.6.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the associate[] field, a different vulnerability than CVE-2014-4649.
CVE-2014-3923 1 Digitalzoomstudio 1 Video Gallery 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3) preview_allchars.swf, or (4) preview_skin_overlay.swf in deploy/.
CVE-2014-3922 1 Trendmicro 1 Interscan Messaging Security Virtual Appliance 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.
CVE-2014-3924 1 Webmin 2 Userwin, Webmin 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.
CVE-2014-3949 2 Jo Hasenau, Typo3 2 Gridelements, Typo3 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-3974 1 Auracms 1 Auracms 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter.
CVE-2016-0244 1 Ibm 1 Websphere Portal 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243.
CVE-2014-3988 1 Sunhater 1 Kcfinder 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in index.php in SunHater KCFinder 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) file or (2) directory (folder) name of an uploaded file.
CVE-2014-4017 1 Conversionninja 1 Conversion Ninja 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php.
CVE-2014-4036 1 Impresscms 1 Impresscms 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action.
CVE-2014-4075 1 Microsoft 1 Asp.net Model View Controller 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability."
CVE-2014-4187 1 Clip-bucket 1 Clipbucket 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket allows remote attackers to inject arbitrary web script or HTML via the Username field.
CVE-2014-4189 1 Hitachi 2 Jp1\/performance Management-manager Web Option, Tuning Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-3014 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4301 1 Ajenti 1 Ajenti 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page.