CWE-CWE-79 CVE - OpenCVE

Filtered by CWE-79

Total 26831 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2013-6882	1 Cru-inc	2 Ditto Forensic Fieldstation, Ditto Forensic Fieldstation Firmware	2023-12-10	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenticated users to inject arbitrary web script or HTML via unspecified form fields.
CVE-2013-4626	2 Marketpress, Wordpress	2 Backwpup Plugin, Wordpress	2023-12-10	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php.
CVE-2012-2768	1 Best Practical Solutions	1 Request Tracker	2023-12-10	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the RTFM extension 2.0.4 through 2.4.3 for Best Practical Solutions RT allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-1808	1 Zeroclipboard Project	1 Zeroclipboard	2023-12-10	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is might be the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed.
CVE-2012-6521	1 Elefantcms	1 Elefantcms	2023-12-10	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions.
CVE-2013-6289	2 Ingo Renner, Typo3	2 Apache Solr, Typo3	2023-12-10	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2308	2 Drupal, Tahiticlic	2 Drupal, Taxonomy Grid Catalog	2023-12-10	3.5 LOW	N/A
Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-5920	1 Google	1 Web Toolkit	2023-12-10	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 through 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue exists because of an incomplete fix for CVE-2012-4563.
CVE-2012-4262	1 Hccgmbh	1 Mycare2x	2023-12-10	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow remote attackers to inject arbitrary web script or HTML via the (1) name_last, (2) name_first, (3) name_middle, or (4) name_maiden parameter to modules/patient/mycare_pid.php; (5) favorites or (6) lang parameter to modules/nursing/mycare_ward_print.php; (7) aktion or (8) callurl parameter to modules/patient/mycare2x_pat_info.php; or (9) ln parameter to modules/drg/mycare2x_proc_search.php.
CVE-2013-3742	1 Phpmyadmin	1 Phpmyadmin	2023-12-10	3.5 LOW	N/A
Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message.
CVE-2012-5322	1 Xavi	1 X7968	2023-12-10	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter to webconfig/wan/confirm.html/confirm or (2) host_name_txtbox parameter to webconfig/lan/lan_config.html/local_lan_config.
CVE-2013-6909	1 Cybozu	1 Garoon	2023-12-10	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4474	2 Colorbox Node, Drupal	2 Dennis Blake, Drupal	2023-12-10	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox Node module 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2011-5221	1 Websvn	1 Websvn	2023-12-10	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php.
CVE-2013-2504	1 Matrix42	1 Service Store	2023-12-10	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2013-0129	1 Pd-admin	1 Pd-admin	2023-12-10	3.5 LOW	N/A
Multiple cross-site scripting (XSS) vulnerabilities in pd-admin before 4.17 allow remote authenticated users to inject arbitrary web script or HTML via (1) the WebFTP Overview "Create new directory" field or (2) the body of an e-mail autoresponder message.
CVE-2013-5376	1 Ibm	2 Storwize V7000 Unified, Storwize V7000 Unified Software	2023-12-10	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user.
CVE-2013-5305	2 Joachim Ruhs, Typo3	2 Locator, Typo3	2023-12-10	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-2205	1 Wordpress	1 Wordpress	2023-12-10	4.3 MEDIUM	N/A
The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.
CVE-2012-4531	1 Joomla	1 Joomla\!	2023-12-10	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerabilities (CVE)