Filtered by CWE-79
Total 45481 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2011-5026 1 Winn 1 Winn Guestbook 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. NOTE: some of these details are obtained from third party information.
CVE-2012-5856 2 Uk-cookie Project, Wordpress 2 Uk-cookie, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2381 1 Apache 1 Roller 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
CVE-2012-2205 1 Ibm 1 Rational Clearquest 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a workspace query.
CVE-2013-4019 1 Ibm 1 Maximo Asset Management 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8 and 7.1 before 7.1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-2651 1 Boltwire 1 Boltwire 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) "p" or (2) content parameter to index.php.
CVE-2013-3616 1 Knowledgeview 1 Knowledgeview Editorial And Management Application 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the KnowledgeView Editorial and Management application allows remote attackers to inject arbitrary web script or HTML via the username parameter.
CVE-2009-4990 2 Drupal, Jrbcs 2 Drupal, Webform Report 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission.
CVE-2012-5105 1 Sqlitemanager 1 Sqlitemanager 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.4 allow remote attackers to inject arbitrary web script or HTML via the dbsel parameter to (1) main.php or (2) index.php; or (3) nsextt parameter to index.php.
CVE-2013-4045 1 Ibm 1 Spss Collaboration And Deployment Services 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6997 1 Open-xchange 1 Open-xchange Appsuite 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CSS code containing wildcards or (2) office documents containing "crafted hyperlinks with script URL handlers."
CVE-2013-5099 1 Anchor 1 Anchor Cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are used by article.php.
CVE-2013-4167 1 Cmsmadesimple 1 Cms Made Simple 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-3308 1 Ibm 1 Sametime 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via an IM chat.
CVE-2013-5098 2 Mikejolley, Wordpress 2 Download Monitor, Wordpress 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262.
CVE-2012-2072 2 Drupal, Patrick Przybilla 2 Drupal, Addtoany 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5092 1 Algosec 1 Firewall Analyzer 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2013-4946 1 Bmc 1 Service Desk Express 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx.
CVE-2013-4716 1 Tattyan 1 Tattyan Hptown 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2013-4714 1 Tiki 1 Tikiwiki Cms\/groupware 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.