Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6403 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-0274 1 Drupal 1 Drupal 2017-08-08 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when certain .htaccess protections are disabled, allows remote attackers to inject arbitrary web script or HTML via crafted links involving theme .tpl.php files.
CVE-2008-0273 1 Drupal 1 Drupal 2017-08-08 4.3 MEDIUM N/A
Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before 5.6, when Internet Explorer 6 is used, allows remote attackers to conduct cross-site scripting (XSS) attacks via invalid UTF-8 byte sequences, which are not processed as UTF-8 by Drupal's HTML filtering, but are processed as UTF-8 by Internet Explorer, effectively removing characters from the document and defeating the HTML protection mechanism.
CVE-2008-0258 1 Php Running Management 1 Phprunman 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in PHP Running Management (phpRunMan) before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2008-0257 1 Dansie 1 Search Engine 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search Engine 2.7 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0218 1 Merak 1 Icewarp Mail Server 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin/index.html in Merak IceWarp Mail Server allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-0124 1 S9y 1 Serendipity 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before 1.3-beta1 allows remote authenticated users to inject arbitrary web script or HTML via (1) the "Real name" field in Personal Settings, which is presented to readers of articles; or (2) a file upload, as demonstrated by a .htm, .html, or .js file.
CVE-2008-0093 1 Eticket 1 Eticket 2017-08-08 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters.
CVE-2007-6695 1 Drake Team 1 Drake Cms 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Drake CMS 0.4.9 allows remote attackers to inject arbitrary web script or HTML via the option parameter.
CVE-2007-6674 1 Rapidshare 1 Database 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter.
CVE-2007-6669 1 Phpcredo 1 Phcdownload 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in PHCDownload 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the string parameter.
CVE-2007-6673 1 Makale Scripti 1 Makale Scripti 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Makale Scripti allows remote attackers to inject arbitrary web script or HTML via the ara parameter to the default URI under Ara/ in a search action.
CVE-2007-6588 1 Phpcredo 1 Phcdownload 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6572 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.
CVE-2007-6571 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.
CVE-2007-6570 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
CVE-2007-6564 1 Limbo Cms 1 Limbo Cms 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the com_option parameter.
CVE-2007-6522 1 Opera 1 Opera Browser 2017-08-08 4.3 MEDIUM N/A
The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains.
CVE-2007-6520 1 Opera 1 Opera Browser 2017-08-08 4.3 MEDIUM N/A
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.
CVE-2007-6486 1 Geek-palace.com 1 Lineshout 2017-08-08 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka the shoutbox) in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username (nickname) or (2) message parameter. NOTE: some of these details are obtained from third party information.
CVE-2007-6477 1 Citrix 1 Web Interface 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the on-line help feature in Citrix Web Interface 2.0 and earlier, and NFuse, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6452 1 Google 1 Web Toolkit 2017-08-08 4.3 MEDIUM N/A
Unspecified vulnerability in the benchmark reporting system in Google Web Toolkit (GWT) before 1.4.61 has unknown impact and attack vectors, possibly related to cross-site scripting (XSS).
CVE-2007-6346 1 Rainboard 1 Rainboard 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6298 1 Drupal 1 Shoutbox 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages.
CVE-2007-6295 1 Ibm 1 Lotus Sametime 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2007-6287 1 Lxlabs 1 Hypervm 2017-08-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than CVE-2006-6649. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6274 1 Bcoos 1 Bcoos 2017-08-08 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter.
CVE-2007-6270 1 Xigla 1 Absolute News Manager.net 2017-08-08 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.
CVE-2007-6100 1 Phpmyadmin 1 Phpmyadmin 2017-07-29 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie auth_type, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability than CVE-2005-0992.
CVE-2007-6104 1 Filemaker 2 Filemaker, Filemaker Server 2017-07-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Instant Web Publishing feature in FileMaker Pro 7 and 8, Server 7 and 8, and Developer 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6142 1 Salims Softhouse 1 Jaf Cms 2017-07-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) show parameter to index.php and the (2) print parameter to print.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-6196 1 Calacode 1 Atmail Webmail System 2017-07-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail before 5.2 allows remote attackers to inject arbitrary web script or HTML via the func parameter.
CVE-2007-4945 1 Jasmine Technologies 1 Lettergrade 2017-07-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade allow remote attackers to inject arbitrary web script or HTML via (1) a student's email address, (2) the year parameter to genbrws/Student/cal_month.php3, and other unspecified vectors related to the calendar. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-4912 1 Invision Power Services 1 Invision Power Board 2017-07-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php in Invision Power Board (IPB or IP.Board) 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8.
CVE-2007-5854 1 Apple 1 Mac Os X 2017-07-29 4.3 MEDIUM N/A
Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat HTML files as unsafe content, which allows attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via a crafted HTML file.
CVE-2007-5858 1 Apple 4 Iphone, Ipod Touch, Mac Os X and 1 more 2017-07-29 4.3 MEDIUM N/A
WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 through 1.1.2, and iPod touch 1.1 through 1.1.2 allows remote attackers to "navigate the subframes of any other page," which can be leveraged to conduct cross-site scripting (XSS) attacks and obtain sensitive information.
CVE-2007-5888 1 Coppermine 1 Coppermine Photo Gallery 2017-07-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in displayecard.php in Coppermine Photo Gallery (CPG) before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the data parameter.
CVE-2007-5891 1 Manageengine 2 Opmanager, Opmanager Msp 2017-07-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ManageEngine OpManager MSP Edition and OpManager 7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) requestid, (2) fileid, (3) woMode, and (2) woID parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5930 1 Cerberus 1 Ftp Server 2017-07-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web interface in Cerberus FTP Server before 2.46 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-5798 1 Ibm 1 Websphere Application Server 2017-07-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in uddigui/navigateTree.do in the UDDI user console in IBM WebSphere Application Server (WAS) before 6.1.0 Fix Pack 13 (6.1.0.13) allow remote attackers to inject arbitrary web script or HTML via the (1) keyField, (2) nameField, (3) valueField, and (4) frameReturn parameters.
CVE-2007-5932 1 Fatwire 1 Fatwire Content Server 2017-07-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content Server (CS) CMS 6.3.0 allow remote attackers to inject arbitrary web script or HTML via unspecified form fields related to the (1) search function, (2) advanced search function, and possibly other components.
CVE-2007-5949 1 Ibm 1 Tivoli Service Desk 2017-07-29 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action.
CVE-2007-5950 1 Netcommons 1 Netcommons 2017-07-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, and 1.1.x before 1.1.2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-4165.
CVE-2007-5955 1 Updir 1 Updir.net 2017-07-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET before 2.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-5985 1 Bti-tracker 1 Bti-tracker 2017-07-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php.
CVE-2007-6001 1 Bandersnatch 1 Bandersnatch 2017-07-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910.
CVE-2007-6002 1 Fenrir 2 Grani, Sleipnir 2017-07-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section.
CVE-2007-6003 1 Thomson 1 Speedtouch 2017-07-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-5673 1 Ifnet 1 Webif 2017-07-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in cgi-bin/webif.exe in ifnet WebIf allows remote attackers to inject arbitrary web script or HTML via the cmd parameter.
CVE-2007-5728 1 Phppgadmin 1 Phppgadmin 2017-07-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and possibly 4.1.2, allows remote attackers to inject arbitrary web script or HTML via certain input available in PHP_SELF in (1) redirect.php, possibly related to (2) login.php, different vectors than CVE-2007-2865.
CVE-2007-5977 1 Phpmyadmin 1 Phpmyadmin 2017-07-29 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in db_create.php in phpMyAdmin before 2.11.2.1 allows remote authenticated users with CREATE DATABASE privileges to inject arbitrary web script or HTML via a hex-encoded IMG element in the db parameter in a POST request, a different vulnerability than CVE-2006-6942.