Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 20468 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0729 1 Cisco 1 Secure Access Control Server 2017-01-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005.
CVE-2015-0738 1 Cisco 1 Web Security Appliance 2017-01-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCuu16008.
CVE-2015-0728 1 Cisco 1 Secure Access Control System 2017-01-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu11002.
CVE-2015-0724 1 Cisco 1 Headend Digital Broadband Delivery System 2017-01-06 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in dncs 7.0.0.12 in Cisco Headend Digital Broadband Delivery System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCur25604.
CVE-2015-0698 1 Cisco 1 Web Security Appliance 2017-01-06 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213.
CVE-2015-0696 1 Cisco 1 Telepresence Tc Software 2017-01-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977.
CVE-2015-0703 1 Cisco 1 Unified Meetingplace 2017-01-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857.
CVE-2015-0727 1 Cisco 1 Security Manager 2017-01-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.7(0)SP1(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27789.
CVE-2016-1000117 1 Huge-it 1 Slideshow 2017-01-06 6.5 MEDIUM 7.2 HIGH
XSS & SQLi in HugeIT slideshow v1.0.4
CVE-2015-6255 1 Cisco 1 Unified Web And E-mail Interaction Manager 2017-01-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug ID CSCuo89051.
CVE-2015-4310 1 Cisco 1 Finesse 2017-01-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10.5(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug IDs CSCuq82322, CSCut95853, and CSCuq73975.
CVE-2015-0766 1 Cisco 1 Firesight System Software 2017-01-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196.
CVE-2015-0774 1 Cisco 1 Application And Content Networking System Software 2017-01-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu70650.
CVE-2015-0752 1 Cisco 1 Telepresence Video Communication Server 2017-01-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635.
CVE-2015-0737 1 Cisco 1 Firesight System Software 2017-01-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099.
CVE-2015-0762 1 Cisco 1 Unified Meetingplace 2017-01-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400.
CVE-2016-10083 1 Piwigo 1 Piwigo 2017-01-03 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case.
CVE-2016-9891 1 Dotclear 1 Dotclear 2017-01-03 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).
CVE-2015-1880 1 Fortinet 1 Fortios 2017-01-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8618 1 Fortinet 6 Fortiadc-1500d, Fortiadc-2000d, Fortiadc-200d and 3 more 2017-01-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8026 1 Cisco 1 Jabber Guest 2017-01-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074.
CVE-2014-8018 1 Cisco 1 Unified Communications Domain Manager 2017-01-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661.
CVE-2014-8619 1 Fortinet 1 Fortiweb 2017-01-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7852 1 Redhat 1 Jboss Enterprise Portal Platform 2017-01-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file.
CVE-2014-9569 1 Sap 1 Netweaver Business Client For Html 2017-01-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285.
CVE-2015-1264 2 Debian, Google 2 Debian Linux, Chrome 2017-01-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature.
CVE-2014-8616 1 Fortinet 1 Fortios 2017-01-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or (2) vpn template menus.
CVE-2014-8986 1 Mantisbt 1 Mantisbt 2017-01-03 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a different vulnerability than CVE-2014-8987.
CVE-2015-0513 1 Emc 2 Vipr Srm, Watch4net 2017-01-03 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.
CVE-2013-7368 1 Raoul Proenca 1 Gnew 2016-12-31 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id parameter to news/submit.php; news_id parameter to (5) news/send.php or (6) comments/add.php; or (7) post_subject or (8) thread_id parameter to posts/edit.php.
CVE-2013-7241 1 Zenphoto 1 Zenphoto 2016-12-31 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2013-5002 1 Phpmyadmin 1 Phpmyadmin 2016-12-31 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.
CVE-2013-5005 1 Tripwire 1 Tripwire Enterprise 2016-12-31 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_target_class_name, (2) m_target_method_name, or (3) m_request_context_params parameters.
CVE-2015-1389 1 Arubanetworks 1 Clearpass Policy Manager 2016-12-31 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.
CVE-2013-7389 1 D-link 2 Dir-645, Dir-645 Firmware 2016-12-31 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.
CVE-2013-5951 1 Extplorer 1 Extplorer 2016-12-31 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_move.php, (4) functions.php, (5) header.php, or (6) upload.php in include/.
CVE-2013-5094 1 Mcafee 1 Vulnerability Manager 2016-12-31 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
CVE-2013-7250 1 Projectforge 1 Projectforge 2016-12-31 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java.
CVE-2013-5583 1 Joomla 1 Joomla\! 2016-12-31 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2013-7365 1 Sap 1 Enterprise Portal 2016-12-31 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2013-7277 1 Aphpkb 1 Aphpkb 2016-12-31 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php.
CVE-2013-6017 1 Atmail 1 Atmail 2016-12-31 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.
CVE-2013-2031 2 Gentoo, Mediawiki 2 Linux, Mediawiki 2016-12-31 4.3 MEDIUM N/A
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.
CVE-2013-4372 1 Redhat 2 Jboss A-mq, Jboss Fuse 2016-12-31 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.
CVE-2015-4127 1 Church Admin Project 1 Church Admin 2016-12-31 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
CVE-2015-2064 1 Dlguard 1 Dlguard 2016-12-31 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, and 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) c, or (3) redirect parameter to index.php or (4) search field (searchTerm parameter) in the main page.
CVE-2015-3921 1 Coppermine-gallery 1 Coppermine Photo Gallery 2016-12-31 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.
CVE-2013-2205 1 Wordpress 1 Wordpress 2016-12-31 4.3 MEDIUM N/A
The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.
CVE-2015-0344 1 Adobe 1 Connect 2016-12-31 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-4135 1 Phpwind 1 Phpwind 2016-12-31 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url parameter.