Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6403 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-9311 1 Shareaholic 1 Shareaholic 2015-04-15 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php.
CVE-2014-9146 1 Fiyo 1 Fiyo Cms 2015-04-15 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php.
CVE-2015-0876 1 Saurus 1 Saurus Cms 2015-04-07 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0950 1 Qualiteam 1 X-cart 2015-04-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 through 5.1.10 allows remote attackers to inject arbitrary web script or HTML via the substring parameter.
CVE-2015-0976 1 Inductiveautomation 1 Ignition 2015-04-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Inductive Automation Ignition 7.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0900 1 Nishishi 1 Fumy Teachers Schedule Board 2015-03-31 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-0105 1 Ibm 1 Business Process Manager 2015-03-24 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-0106 1 Ibm 2 Business Process Manager, Websphere Application Server 2015-03-24 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-0103 1 Ibm 1 Business Process Manager 2015-03-24 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields.
CVE-2015-0893 1 Maroyaka Relay Novel Project 1 Maroyaka Relay Novel 2015-03-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0891 1 Maroyaka Simple Board Project 1 Maroyaka Simple Board 2015-03-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0892 1 Maroyaka Image Album Project 1 Maroyaka Image Album 2015-03-23 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0896 1 Extplorer 1 Extplorer 2015-03-19 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-2406 1 Hp 1 Openview Performance Insight 2015-03-18 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7896 1 Hp 4 Xp7 Global Link Manager Software, Xp P9000 Device Manager, Xp P9000 Replication Manager and 1 more 2015-03-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2182 1 Ajsquare 1 Zeuscart 2015-03-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-5322.
CVE-2010-5322 1 Ajsquare 1 Zeuscart 2015-03-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php.
CVE-2015-2244 1 Webshophun 1 Webshop Hun 2015-03-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) center, (3) lap, (4) termid, or (5) nyelv_id parameter to index.php.
CVE-2015-2198 1 Beehive Forum 1 Beehive Forum 2015-03-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message.
CVE-2015-2197 1 Entity Api Project 1 Entity Api 2015-03-04 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.
CVE-2015-2088 1 Term Queue Project 1 Term Queue 2015-02-26 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2015-2086 1 Panopoly Magic Project 1 Panopoly Magic 2015-02-26 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title.
CVE-2015-2043 1 Visualware 1 Myconnection Server 2015-02-26 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitrary web script or HTML via the (1) bt, (2) variable, or (3) et parameter to myspeed/db/historyitem.
CVE-2015-1603 1 Adminsystems Cms Project 1 Adminsystems Cms 2015-02-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id parameter in a users_users action to asys/site/system.php.
CVE-2015-1879 1 Google Doc Embedder 1 Google Doc Embedder 2015-02-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php.
CVE-2015-0623 1 Cisco 1 Web Security Appliance 2015-02-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus40627.
CVE-2015-1451 1 Fortinet 1 Fortios 2015-02-19 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request.
CVE-2014-6301 1 Pnmsoft 1 Sequence Kinetics 2015-02-19 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the tables-management module in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1619 1 Mcafee 1 Email Gateway 2015-02-18 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages.
CVE-2015-1617 1 Mcafee 1 Data Loss Prevention Endpoint 2015-02-18 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1621 1 Webform Prepopulate Block Project 1 Webform Prepopulate Block 2015-02-18 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7850 1 Freeipa 1 Freeipa 2015-02-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.
CVE-2015-0873 1 Homepage Decorator 1 Perltreebbs 2015-02-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlTreeBBS 2.30 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1582 1 Web-dorado 1 Spider Facebook 2015-02-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter in a registration task to the default URI or remote administrators to inject arbitrary web script or HTML via the (2) asc_or_desc, (3) order_by, (4) page_number, (5) serch_or_not, or (6) search_events_by_title parameter in (a) the Spider_Facebook_manage page to wp-admin/admin.php or a (b) selectpagesforfacebook or (c) selectpostsforfacebook action to wp-admin/admin-ajax.php.
CVE-2015-1575 1 Yuba 1 U5cms 2015-02-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; the (5) a or (6) b parameter to u5admin/cookie.php; the name parameter to (7) copy.php or (8) delete.php in u5admin/; the (9) f or (10) typ parameter to u5admin/deletefile.php; the (11) n parameter to u5admin/done.php; the (12) c parameter to u5admin/editor.php; the (13) uri parameter to u5admin/meta2.php; the (14) n parameter to u5admin/notdone.php; the (15) newname parameter to u5admin/rename2.php; the (16) l parameter to u5admin/sendfile.php; the (17) s parameter to u5admin/characters.php; the (18) page parameter to u5admin/savepage.php; or the (19) name parameter to u5admin/new2.php.
CVE-2015-1565 4 Hitachi, Microsoft, Novell and 1 more 8 Compute Systems Manager, Device Manager, Global Link Manager and 5 more 2015-02-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1566 1 Dotnetnuke 1 Dotnetnuke 2015-02-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1564 1 Plainblack 1 Webgui 2015-02-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field.
CVE-2015-0871 1 Shiromuku 1 Guestbook 2015-02-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1562 1 Saurus 1 Saurus Cms 2015-02-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to admin/user_management.php, (2) data_search parameter to /admin/profile_data.php, or (3) filter parameter to error_log.php.
CVE-2014-9562 1 M2 Technologies 1 Optimalsite 2015-02-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 OptimalSite 0.1 and 2.4 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
CVE-2014-9042 1 Owncloud 1 Owncloud 2015-02-05 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the import functionality in the bookmarks application in ownCloud before 5.0.18, 6.x before 6.0.6, and 7.x before 7.0.3 allows remote authenticated users to inject arbitrary web script or HTML by importing a link with an unspecified protocol. NOTE: this can be leveraged by remote attackers using CVE-2014-9041.
CVE-2015-1478 1 Cmsjunkie 1 J-classifiedsmanager 2015-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the view parameter to /classifieds.
CVE-2015-1404 1 Content Rating Extbase Project 1 Content Rating Extbase 2015-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1402 1 Content Rating Project 1 Content Rating 2015-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1383 1 Geo Mashup Project 1 Geo Mashup 2015-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key.
CVE-2014-9559 1 Snipsnap 1 Snipsnap 2015-02-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, and 1.0b2 allows remote attackers to inject arbitrary web script or HTML via the query parameter to /snipsnap-search.
CVE-2015-0870 1 Nishishi 1 Fumy News Clipper 2015-02-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8267 1 Qpr 1 Portal 2015-02-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the RID parameter.
CVE-2014-8266 1 Qpr 1 Portal 2015-02-02 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the note-creation page in QPR Portal 2014.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body field.