Filtered by CWE-79
Total 45554 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2016-2833 3 Canonical, Mozilla, Opensuse 4 Ubuntu Linux, Firefox, Leap and 1 more 2025-04-12 N/A
Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted applet.
CVE-2016-2078 2 Microsoft, Vmware 2 Windows, Vcenter Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter.
CVE-2016-4851 1 Let\'s Php\! 1 Simple Chat 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4789 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-5301 1 Kubelabs 1 Phpdug 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the story_url parameter to add_story.php, (2) the email parameter to editprofile.php, (3) the title parameter to adm/content_add.php, or (4) the username parameter to adm/admin_edit.php.
CVE-2016-4848 1 Clip-bucket 1 Clipbucket 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-4790 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-5305 1 Zaunz Gmbh 1 Cosmoshop 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to inject arbitrary web script or HTML via (1) the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, (2) the typ parameter to cgi-bin/admin/artikeladmin.cgi, or (3) the suchbegriff parameter to cgi-bin/admin/shophilfe_suche.cgi.
CVE-2011-5287 1 Hesk 1 Hesk 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in HESK before 2.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) hesk_settings[tmp_title] or (2) hesklang[ENCODING] parameter to inc/header.inc.php; the hesklang[attempt] parameter to (3) inc/assignment_search.inc.php, (4) inc/attachments.inc.php, (5) inc/common.inc.php, (6) inc/database.inc.php, (7) inc/prepare_ticket_search.inc.php, (8) inc/print_tickets.inc.php, (9) inc/show_admin_nav.inc.php, (10) inc/show_search_form.inc.php, or (11) inc/ticket_list.inc.php; or (12) the PATH_INFO to language/en/text.php.
CVE-2016-4567 2 Mediaelementjs, Wordpress 2 Mediaelement.js, Wordpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."
CVE-2016-10083 1 Piwigo 1 Piwigo 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case.
CVE-2016-0227 1 Ibm 1 Business Process Manager 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-1456 1 Openwebanalytics 1 Open Web Analytics 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owa_user_id parameter to index.php.
CVE-2014-9507 1 Mediawiki 1 Mediawiki 2025-04-12 N/A
MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision to JS.
CVE-2014-8110 1 Apache 1 Activemq 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6920 1 Sourceafrica Project 1 Sourceafrica 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter.
CVE-2015-4135 1 Phpwind 1 Phpwind 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2015-4065 1 Landing Pages Project 1 Landing Pages 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php.
CVE-2014-3551 1 Moodle 1 Moodle 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.
CVE-2015-5732 1 Wordpress 1 Wordpress 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.