CWE-CWE-79 CVE - OpenCVE

Filtered by CWE-79

Total 34649 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2015-7316	1 Plone	1 Plone	2017-10-03	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1.
CVE-2015-7347	1 Zcms Project	1 Zcms	2017-09-30	3.5 LOW	4.8 MEDIUM
Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.
CVE-2015-4706	1 Ipython	1 Ipython	2017-09-30	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path.
CVE-2017-14765	1 Genixcms	1 Genixcms	2017-09-29	4.3 MEDIUM	6.1 MEDIUM
In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request.
CVE-2017-14761	1 Genixcms	1 Genixcms	2017-09-29	4.3 MEDIUM	6.1 MEDIUM
In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter.
CVE-2017-14762	1 Genixcms	1 Genixcms	2017-09-29	4.3 MEDIUM	6.1 MEDIUM
In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter.
CVE-2017-1530	1 Ibm	1 Business Process Manager	2017-09-29	3.5 LOW	5.4 MEDIUM
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130409.
CVE-2017-1531	1 Ibm	1 Business Process Manager	2017-09-29	3.5 LOW	5.4 MEDIUM
IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130410.
CVE-2015-5282	1 Theforeman	1 Foreman	2017-09-29	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
CVE-2017-14142	1 Kaltura	1 Kaltura Server	2017-09-29	4.3 MEDIUM	6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to server/admin_console/web/tools/bigRedButton.php; the (3) partnerId, (4) playerVersion, (5) secret, (6) entryId, (7) adminUiConfId, or (8) uiConfId parameter to server/admin_console/web/tools/bigRedButtonPtsPoc.php; the (9) streamUsername, (10) streamPassword, (11) streamRemoteId, (12) streamRemoteBackupId, or (13) entryId parameter to server/admin_console/web/tools/AkamaiBroadcaster.php; the (14) entryId parameter to server/admin_console/web/tools/XmlJWPlayer.php; or the (15) partnerId or (16) playerVersion parameter to server/alpha/web/lib/bigRedButtonPtsPocHlsjs.php.
CVE-2009-1809	1 Collector	1 Mycolex	2017-09-29	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page parameter in a List action to modules/ereignis.php, (3) the Kontext parameter in a Search action to modules/kategorie.php, or (4) the image parameter to modules/image.php.
CVE-2009-2145	1 Pantha	1 Translucid	2017-09-29	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section; and allow remote authenticated users to inject arbitrary web script or HTML via the (d) Title (aka page name) and (e) Url fields in a (1) new or (2) modified page.
CVE-2009-1735	1 Omnisoftsol	1 Vidsharepro	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-1451	1 Bluevirus-design	1 Sma-db	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB 0.3.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2009-1951	1 Propertymaxpro	1 Propertymax Pro Free	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in index.php in PropertyMax Pro FREE 0.3 allows remote attackers to inject arbitrary web script or HTML via the pl parameter in a mi action.
CVE-2009-2020	1 Virtuenetz	1 Virtue News Manager	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue News Manager allows remote attackers to inject arbitrary web script or HTML via the nid parameter.
CVE-2009-1623	1 Dew-code	1 Dew-newphplinks	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to inject arbitrary web script or HTML via the PID parameter.
CVE-2009-1367	1 Mozilo	1 Mozilocms	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in index.php in moziloCMS 1.11 allows remote attackers to inject arbitrary web script or HTML via the query parameter in search action, a different issue than CVE-2008-6127.2a.
CVE-2009-1654	1 Easy-scripts	1 Answer And Question Script	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.
CVE-2009-2127	1 Elvinbts	1 Elvinbts	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Vulnerabilities (CVE)