Vulnerabilities (CVE)

Filtered by CWE-79
Total 26839 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-0478 1 Apple 3 Mac Os X, Safari, Webcore 2023-12-10 4.3 MEDIUM N/A
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags within an HTML comment.
CVE-2008-0899 1 Bea 1 Weblogic Server 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page.
CVE-2007-6160 1 Tilde 1 Tilde Cms 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x and earlier allows remote attackers to inject arbitrary web script or HTML via the aarstal parameter in a yeardetail action.
CVE-2008-1209 1 Xitex 1 Xitex Webcontent M1 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in redirect.do in Xitex WebContent M1 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0186 1 Phprisk 1 Netrisk 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to CVE-2008-0144.
CVE-2007-3033 1 Microsoft 1 Windows Vista 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Windows Vista Feed Headlines Gadget (aka Sidebar RSS Feeds Gadget) in Windows Vista allows user-assisted remote attackers to execute arbitrary code via an RSS feed with crafted HTML attributes, which are not properly removed and are rendered in the local zone.
CVE-2007-4348 1 Ibm 1 Tivoli Storage Manager Client 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the CAD service in IBM Tivoli Storage Manager (TSM) Client 5.3.5.3 and 5.4.1.2 for Windows allows remote attackers to inject arbitrary web script or HTML via HTTP requests to port 1581, which generate log entries in a dsmerror.log file that is accessible through a certain web interface.
CVE-2007-6541 1 Neuron News 1 Neuron News 2023-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive action to the default URI in patch/.
CVE-2008-0868 2 Bea Systems, Oracle 2 Weblogic Portal, Weblogic Portal 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 1 allows remote authenticated users to inject arbitrary web script or HTML via unknown vectors.
CVE-2007-4828 1 Mediawiki 1 Mediawiki 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-0541 1 Gerd Tentler 1 Simple Forum 2023-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in forum.php in Gerd Tentler Simple Forum 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) open and (2) date_show parameters.
CVE-2007-6297 1 Php Heaven 1 Phpmychat 2023-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991.
CVE-2007-6700 1 Openbsd 1 Openbsd 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web interface for the BGPD daemon in OpenBSD 4.1 allows remote attackers to inject arbitrary web script or HTML via the cmd parameter.
CVE-2007-5588 1 Mnogosearch 1 Mnogosearch 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 allows remote attackers to inject arbitrary web script or HTML via the t parameter in search.cgi, as reachable from search.htm-dist.
CVE-2008-0751 2 Microsoft, S9y 2 Internet Explorer, Serendipity Event Freetag 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 plugin for S9Y Serendipity, when using Internet Explorer 6 or 7, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to plugin/tag/.
CVE-2006-7196 1 Apache 1 Tomcat 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly unspecified other vectors. NOTE: this may be related to CVE-2006-0254.1.
CVE-2008-0522 1 Hal Networks 3 Perl Cgi Cart, Php Cart, Shop Hal V1 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in multiple Hal Networks shopping-cart products allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-1050 1 Abledesign 1 Mycalendar 2023-12-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action.
CVE-2006-6162 1 Tiki 1 Tikiwiki Cms\/groupware 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1174 1 Flicks Software 1 Authentix 2023-12-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX 6.3b1 Trial allows remote attackers to inject arbitrary web script or HTML via the username parameter.