CWE-CWE-79 CVE - OpenCVE

Filtered by CWE-79

Total 34649 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2008-5893	1 Icash	1 Click\&email	2017-09-29	2.6 LOW	N/A
Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action.
CVE-2008-4426	1 Phlatline	1 Personal Information Manager	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.
CVE-2008-5203	1 Poweraward	1 Poweraward	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in external_vote.php in PowerAward 1.1.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the l_vote_done parameter.
CVE-2008-4774	1 Questwork	1 Questcms	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS allows remote attackers to inject arbitrary web script or HTML via the cx parameter.
CVE-2008-4370	1 Availscript	1 Availscript Photo Album	2017-09-29	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Availscript Photo Album allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to pics.php and the (2) a parameter to view.php.
CVE-2008-5214	1 Clanlite	1 Clanlite	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in service/calendrier.php in ClanLite 2.2006.05.20 allows remote attackers to inject arbitrary web script or HTML via the annee parameter.
CVE-2008-5591	1 Iwrite	1 Nightfall Personal Diary	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in login.asp in Nightfall Personal Diary 1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter and possibly other "login fields." NOTE: some of these details are obtained from third party information.
CVE-2008-2997	1 Gravityboardx	1 Gravity Board X	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in index.php in Gravity Board X (GBX) 2.0 Beta allows remote attackers to inject arbitrary web script or HTML via the subject parameter in a postnewsubmit (aka create new thread) action.
CVE-2008-2677	1 Telephone	1 Telephone Directory 2008	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in edit1.php in Telephone Directory 2008 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2008-4083	1 Brim-project	1 Brim	2017-09-29	3.5 LOW	N/A
Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-2984	1 Cmreams	1 Cmreams Cms	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in backend/umleitung.php in CMReams CMS 1.3.1.1 Beta 2 allows remote attackers to inject arbitrary web script or HTML via the lang[be_red_text] parameter.
CVE-2008-3779	1 Review-script	1 Five Star Review Script	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action.
CVE-2008-2973	1 Mm Chat	1 Mm Chat	2017-09-29	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in MM Chat 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) sitename and (2) wmessage parameters.
CVE-2008-2980	1 Homeph Design	1 Homeph Design	2017-09-29	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design 2.10 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) error_meldung parameter to admin/features/register/register.php, the (2) feature_language[ueberschrift] parameter to admin/features/memberlist/memberlist.php, the (3) language_array[ueberschrift] parameter to admin/features/lostpassword/lostpassword.php, the (4) language_feature[titel] parameter to admin/features/kalender/eingabe.php, and the (5) language_feature[bildmenu] parameter to admin/features/fotogalerie/eingabe.php.
CVE-2008-3305	1 Carlos Desseno	1 Youtube Blog	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno YouTube Blog (ytb) 0.1 allows remote attackers to inject arbitrary web script or HTML via the m parameter.
CVE-2008-3923	1 Hans Oesterholt	1 Cmme	2017-09-29	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action.
CVE-2008-2496	1 Quate	1 Quate Cms	2017-09-29	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) login.php, and (3) credits.php in admin/, and (4) upgrade/index.php.
CVE-2008-2911	1 Contenido	1 Contendio	2017-09-29	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Contenido 4.8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) contenido, (2) Belang, and (3) username parameters.
CVE-2008-3567	1 Nullsoft	1 Winamp	2017-09-29	4.3 MEDIUM	N/A
Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags.
CVE-2008-2082	1 Siteman	1 Siteman	2017-09-29	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in index.php in Siteman 2.0.x2 allows remote attackers to inject arbitrary web script or HTML via the module parameter, which leaks the path in an error message.

Vulnerabilities (CVE)