Vulnerabilities (CVE)

Filtered by CWE-79
Total 19399 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-5000 1 Ibm 1 Filenet P8 Application Engine 2010-09-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 4.0.2.x before 4.0.2.3-P8AE-FP003 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to .jsp pages.
CVE-2010-3472 1 Ibm 1 Filenet P8 Application Engine 2010-09-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-021 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3462 1 Mollify 1 Mollify 2010-09-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in backend/plugin/Registration/index.php in Mollify 1.6, 1.6.5.5, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the confirm parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-3427 1 Open-classifieds 1 Open Classifieds 2010-09-17 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Open Classifieds 1.7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) desc, (2) price, (3) title, and (4) place parameters to index.php and the (5) subject parameter to contact.htm, related to content/contact.php.
CVE-2010-2958 1 Phpmyadmin 1 Phpmyadmin 2010-09-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages (aka debugging messages), a different vulnerability than CVE-2010-3056.
CVE-2010-2366 1 Futomi 1 Access Analyzer Cgi 2010-09-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access Analyzer CGI Professional, and Standard 4.0.2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3317 1 Ibm 1 Filenet Content Manager 2010-09-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2957 1 S9y 1 Serendipity 2010-09-10 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, when "Remember me" logins are enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2480 1 Makotemplates 1 Mako 2010-09-09 4.3 MEDIUM N/A
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.
CVE-2010-1459 1 Mono 1 Mono 2010-09-09 4.3 MEDIUM N/A
The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project.
CVE-2010-2364 1 Common1 1 Moobbs 2010-08-31 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2365 1 Common1 1 Moobbs2 2010-08-31 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2002-2330 1 Uninet 1 Statsplus 2010-08-30 5.0 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers.
CVE-2007-5227 1 Blackboard 1 Blackboard Learning And Community Post Systems 2010-08-30 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the (1) subject_t and (2) body_text parameters. NOTE: vector 2 requires bypassing a client-side security mechanism that attempts to block XSS sequences.
CVE-2009-4995 1 Smartertools 1 Smartertrack 2010-08-26 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4994 1 Smartertools 1 Smartertrack 2010-08-26 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2009-4989 1 Ajsquare 1 Aj Auction Pro-oopd 2010-08-25 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in AJ Auction Pro OOPD 3.0 allows remote attackers to inject arbitrary web script or HTML via the txtkeyword parameter in a search action.
CVE-2009-4980 1 Keil-software 1 Photokorn Gallery 2010-08-25 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php.
CVE-2009-4990 2 Drupal, Jrbcs 2 Drupal, Webform Report 2010-08-25 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Webform report module 5.x and 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a submission.
CVE-2009-4983 1 Snowhall 1 Silurus System 2010-08-25 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Silurus Classifieds 1.0 allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) category.php and (2) wcategory.php, and the (3) keywords parameter to search.php.