Filtered by CWE-79
Total 45407 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2010-1762 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.
CVE-2011-4814 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php.
CVE-2010-0541 2 Apple, Redhat 3 Mac Os X, Mac Os X Server, Enterprise Linux 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page.
CVE-2011-4812 1 Bst 1 Bestshoppro 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro allows remote attackers to inject arbitrary web script or HTML via the str parameter.
CVE-2011-4809 2 Joomla, Joomlaextensions 2 Joomla\!, Com Hmcommunity 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.
CVE-2011-4544 1 Prestashop 1 Prestashop 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition parameter to modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php; or the (12) folder or (13) name parameter to admin/ajaxfilemanager/ajax_save_text.php.
CVE-2011-4035 1 Schneider-electric 3 Citecthistorian, Citectscada Reports, Vijeo Historian 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2298 2 Drupal, Nancy Wichmann 3 Drupal, Realname, Realname 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the RealName module 6.x-1.x before 6.x-1.5 for Drupal allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) "user names in page titles" and (2) "autocomplete callbacks."
CVE-2011-4547 1 Zen-cart 1 Zen Cart 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) main_page parameter or (2) PATH_INFO, a different vulnerability than CVE-2011-4567.
CVE-2012-2300 2 Drupal, Ubercart 2 Drupal, Ubercart 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 for Drupal allow remote authenticated users with the administer product classes permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2193 1 Ibm 1 Cognos Business Intelligence 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 allows user-assisted remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4278 1 Moodle 1 Moodle 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0594 1 Cisco 1 Router And Security Device Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467.
CVE-2011-4551 1 Tiki 1 Tikiwiki Cms\/groupware 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in TikiWiki CMS/Groupware before 8.2 and LTS before 6.5 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
CVE-2011-2379 3 Apple, Microsoft, Mozilla 3 Safari, Internet Explorer, Bugzilla 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before 3.4.12, 3.5.x, 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3, when Internet Explorer before 9 or Safari before 5.0.6 is used for Raw Unified mode, allows remote attackers to inject arbitrary web script or HTML via a crafted patch, related to content sniffing.
CVE-2011-2400 1 Hp 1 Sitescope 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-5294 1 Wordpress 1 Wordpress 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web script or HTML by providing a crafted error message for a (1) FTP or (2) SSH connection attempt.
CVE-2011-4552 1 Oneclickorgs 1 One Click Orgs 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature.
CVE-2010-2885 1 Adobe 2 Robohelp, Robohelp Server 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word.
CVE-2011-4038 2 Dreamreport, Invensys 2 Dream Report, Wonderware Hmi Reports 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.