Filtered by CWE-79
Total 45430 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-0680 1 Cisco 1 Identity Services Engine 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the HTTP control interface in the NAC Web Agent component in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCui15038.
CVE-2013-6388 1 Drupal 1 Drupal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS.
CVE-2013-5690 1 Open-xchange 1 Open-xchange Appsuite 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.
CVE-2013-4460 1 Mantisbt 1 Mantisbt 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
CVE-2013-3962 1 Grandstream 11 Gxv3500, Gxv3501, Gxv3504 and 8 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models before firmware 1.0.4.44, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2013-3414 1 Cisco 2 Adaptive Security Appliance, Adaptive Security Appliance Software 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.
CVE-2009-4716 1 Edgephp 1 Ezwebsearch 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in results.php in EDGEPHP EZWebSearch allows remote attackers to inject arbitrary web script or HTML via the language parameter.
CVE-2009-4706 2 Sebastian Winterhalder, Typo3 2 Mailform, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1815 1 Google 1 Chrome 2025-04-11 N/A
Google Chrome before 12.0.742.91 allows remote attackers to inject script into a tab page via vectors related to extensions.
CVE-2013-5323 2 Stanislas Rolland, Typo3 2 Static Info Tables, Typo3 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6819 1 Sap 1 Netweaver 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4836 1 Homeseer 1 Homeseer Hs2 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to inject arbitrary web script or HTML via a request for a crafted URI.
CVE-2013-3920 1 Jahia 1 Jahia Xcm 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field.
CVE-2012-5941 1 Ibm 1 Netezza 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows remote authenticated users to inject content, and conduct phishing attacks, via unspecified vectors.
CVE-2012-2068 2 Drupal, Tiger-fish 2 Drupal, Fancy Slide 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter.
CVE-2009-4681 1 Phpdirectorysource 1 Phpdirectorysource 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.
CVE-2009-4894 1 Punbb 1 Punbb 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail.
CVE-2009-4989 1 Ajsquare 1 Aj Auction Pro-oopd 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action.
CVE-2010-0449 1 Hp 1 Soa Registry Foundation 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2010-0699 1 Videosearchscript 1 Videosearchscript Pro 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter.