Filtered by CWE-79
Total 45505 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-1357 1 Ibm 1 Websphere Service Registry And Repository 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 before 6.3.0.5, 7.0 before 7.0.0.5, and 7.5 before 7.5.0.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
CVE-2012-4928 1 Oxwall 1 Oxwall 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter.
CVE-2012-6369 1 1password 1 1password 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Troubleshooting Reporting System feature in AgileBits 1Password 3.9.9 might allow remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header that is not properly handled in a View Troubleshooting Report action.
CVE-2012-5219 1 Hp 1 Managed Printing Administration 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-5296 1 Mavili Guestbook Project 1 Mavili Guestbook 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approve.asp, (2) delete.asp, (3) edit.asp, or (4) edit2.asp.
CVE-2010-4973 1 Sourcefabric 1 Campsite 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the search feature in Campsite 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the f_search_keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-5002 1 Exponentcms 1 Exponent Cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in modules/slideshowmodule/slideshow.js.php in Exponent CMS 0.97.0 allows remote attackers to inject arbitrary web script or HTML via the u parameter.
CVE-2010-1080 1 Pulsecms 1 Pulse Cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter.
CVE-2012-5705 2 Drupal, Justin Dodge 2 Drupal, Hotblocks 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the settings page (admin/settings/hotblocks) in the Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to inject arbitrary web script or HTML via the "block names."
CVE-2012-5761 1 Ibm 1 Netezza 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4868 1 Hitronsoft 1 Answer Me 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these details are obtained from third party information.
CVE-2012-5591 2 Catalin Florian Radut, Drupal 2 Zeropoint, Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Zero Point module 6.x-1.x before 6.x-1.18 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the path aliases.
CVE-2011-1696 1 Novell 2 Identity Manager Roles Based Provisioning Module, Identity Manager User Application 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972.
CVE-2011-4064 1 Phpmyadmin 1 Phpmyadmin 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value.
CVE-2012-5316 1 Barracudanetworks 2 Spam \& Virus Firewall 600, Spam \& Virus Firewall 600 Firmware 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module.
CVE-2011-5023 1 Pligg 1 Pligg Cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986.
CVE-2013-1972 2 Alexey Sukhotin, Drupal 2 Elfinder, Drupal 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors.
CVE-2011-1330 1 Kbs 1 Weblygo 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 Pro/LE, 5.03 Pro/LE, 5.04 Pro/LE, and 5.10 Pro/LE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0449 1 Hp 1 Soa Registry Foundation 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2009-4744 1 Oicgroup 1 Exponent Cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Contact module in Exponent CMS 0.97-GA20090213 allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.