Filtered by CWE-79
Total 45374 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2010-2010 1 Chaos Tool Suite Project 1 Ctools 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title.
CVE-2010-2013 1 Createch-group 1 Lisk Cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in cp/edit_email.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2013-5966 1 Zkoss 1 Zk Framework 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1564 1 Yuriy V Semenikhin 1 Yvs Image Gallery 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in administration/create_album.php in YVS Image Gallery allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6962 1 Cisco 1 Webex Meeting Center 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36228.
CVE-2011-4910 1 Joomla 1 Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2012-5225 1 Eliteweaver 1 Xclick Cart 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart 1.0.1 and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the shopping_url parameter.
CVE-2012-1634 2 Drupal, Hans Nilsson 2 Drupal, Video Filter 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EMBEDLOOKUP parameter for Blip.tv links.
CVE-2010-5035 1 Iscripts 1 Eswap 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information.
CVE-2011-5125 1 Bluecoat 1 Director 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method.
CVE-2011-5206 1 Rapidleech 1 Rapidleech 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech before 2.3 rev42 SVN r399 allows remote attackers to inject arbitrary web script or HTML via the notes parameter.
CVE-2013-5519 1 Cisco 1 Wireless Lan Controller 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.
CVE-2011-2999 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2025-04-11 N/A
Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before 6.0, and SeaMonkey before 2.3 do not properly handle "location" as the name of a frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, a different vulnerability than CVE-2010-0170.
CVE-2010-1541 1 Dragonfrugal 1 Dfd Cart 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity parameters to index.php, and the (3) category parameter to your.order.php.
CVE-2012-1787 1 Webglimpse 1 Webglimpse 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DOMAIN parameters.
CVE-2013-5013 1 Symantec 1 Web Gateway 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via (1) vectors involving PHP scripts and (2) unspecified other vectors.
CVE-2013-4884 1 Mcafee 1 Superscan 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly handled in the SuperScan HTML report.
CVE-2013-4815 1 Microfocus 1 Arcsight Enterprise Security Manager 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1448 1 Malcom Box 1 Lxr Cross Referencer 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR Cross Referencer before 0.9.8 allows remote attackers to inject arbitrary web script or HTML via vectors related to a string in the search page's TITLE element, a different vulnerability than CVE-2009-4497 and CVE-2010-1625.
CVE-2013-4716 1 Tattyan 1 Tattyan Hptown 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.