Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 34649 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-3361 1 Craig Barratt 1 Backuppc 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC 3.2.0 and possibly other versions before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a browse action to index.cgi.
CVE-2011-5255 1 X3cms 1 X3 Cms 2017-08-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/login in X3 CMS 0.4.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) username, or (3) password parameter.
CVE-2011-5040 1 Infoproject 1 Biznis Heroj 2017-08-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to (1) nalozi_naslov.php and (2) widget.dokumenti_lista.php.
CVE-2011-5081 1 Craig Barratt 1 Backuppc 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC 3.1.0, 3.2.1, and possibly other earlier versions allows remote attackers to inject arbitrary web script or HTML via the share parameter in a RestoreFile action to index.cgi.
CVE-2011-5220 1 Cristopher Shi 1 Php-scms 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php.
CVE-2012-0203 1 Ibm 2 Infosphere Information Server, Infosphere Metadata Workbench 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere Information Server 8.1, 8.5 before FP3, and 8.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-5187 2 Drupal, Tag1consulting 2 Drupal, Support 2017-08-29 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Support Ticketing System module 6.x-1.x before 6.x-1.7 for Drupal allows remote authenticated users with the "administer support projects" permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4764 1 Parallels 1 Parallels Plesk Small Business Panel 2017-08-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Wizard/Edit/Modules/Image and certain other files.
CVE-2011-5228 1 Apprain 1 Apprain 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter.
CVE-2011-5045 1 Jjwdesign 1 Php Booking Calendar 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in details_view.php in PHP Booking Calendar 10e allows remote attackers to inject arbitrary web script or HTML via the page_info_message parameter.
CVE-2011-5177 1 Esyndicat 1 Esyndicat Pro 2017-08-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter to the search page.
CVE-2011-5132 1 Mybb 1 Mybb 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX."
CVE-2011-5149 1 Spamtitan 1 Spamtitan 2017-08-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php.
CVE-2011-4923 1 Craig Barratt 1 Backuppc 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than CVE-2011-3361.
CVE-2011-4465 1 Ibm 1 Lotus Mobile Connect 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL.
CVE-2011-5261 1 Axis 2 M1054 Network Camera, M10 Series Network Cameras Firmware 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis M10 Series Network Cameras M1054 firmware 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the pageTitle parameter to admin/showReport.shtml.
CVE-2011-5104 2 Getshopped, Wordpress 2 Wp E-commerce, Wordpress 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information.
CVE-2011-5223 1 Cacti 1 Cacti 2017-08-29 4.3 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2011-4547 1 Zen-cart 1 Zen Cart 2017-08-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in includes/templates/template_default/common/tpl_header_test_info.php in Zen Cart 1.3.9h, when debugging is enabled, might allow remote attackers to inject arbitrary web script or HTML via the (1) main_page parameter or (2) PATH_INFO, a different vulnerability than CVE-2011-4567.
CVE-2011-5019 1 Textpattern 1 Textpattern 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in setup/index.php in Textpattern CMS 4.4.1, when the product is incompletely installed, allows remote attackers to inject arbitrary web script or HTML via the ddb parameter.