Filtered by CWE-79
Total 45425 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2013-1880 2 Apache, Redhat 2 Activemq, Fuse Mq Enterprise 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the refresh parameter to demo/portfolioPublish, a different vulnerability than CVE-2012-6092.
CVE-2012-5882 1 Yahoo 1 Yui 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208.
CVE-2013-6780 1 Yahoo 1 Yui 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.
CVE-2011-3979 1 Zikula 1 Zikula Application Framework 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in ztemp/view_compiled/Theme/theme_admin_setasdefault.php in the theme module in Zikula Application Framework 1.3.0 build 3168, 1.2.7, and probably other versions allows remote attackers to inject arbitrary web script or HTML via the themename parameter in the setasdefault action to index.php.
CVE-2013-5573 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.
CVE-2012-4739 1 Barracudanetworks 1 Barracuda Ssl Vpn 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.
CVE-2012-0132 2 Hp, Microsoft 2 Business Availability Center, Windows 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 9.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4871 1 Litespeedtech 1 Litespeed Web Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
CVE-2013-7231 1 Esri 1 Arcgis Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222.
CVE-2010-4947 1 Allpcscript 1 Allpc 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in advanced_search_result.php in ALLPC 2.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
CVE-2011-1696 1 Novell 2 Identity Manager Roles Based Provisioning Module, Identity Manager User Application 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Novell Identity Manager (aka IDM) User Application 3.5.0, 3.5.1, 3.6.0, 3.6.1, 3.7.0, and 4.0.0, and Identity Manager Roles Based Provisioning Module 3.6.0, 3.6.1, 3.7.0, and 4.0.0, allows remote attackers to inject arbitrary web script or HTML via the apwaDetail (aka apwaDetailId) parameter, aka Bug 692972.
CVE-2012-1214 1 Yoono 1 Yoono Desktop 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action.
CVE-2010-0949 1 Natychmiast-cms 1 Natychmiast-cms 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php.
CVE-2010-0947 1 Bbsmax 1 Bbsmax 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2010-0716 1 Microsoft 1 Sharepoint Server 2025-04-11 N/A
_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
CVE-2010-0697 2 Drupal, Ilya Ivanchenko 2 Drupal, Itweak Upload 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.
CVE-2010-1113 1 Comscripts 1 Web Server Creator Web Portal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php.
CVE-2010-1108 2 Drupal, Hashmarkconsulting 2 Drupal, Controlpanel 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1105 1 Advertisementmanager 1 Advertisementmanager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in cgi/index.php in AdvertisementManager 3.1.0 and 3.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter.
CVE-2010-1091 1 Phpmysite 1 Phpmysite 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters.