Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 34649 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4893 1 Festengine 1 Festos 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS 2.3b allows remote attackers to inject arbitrary web script or HTML via the category parameter in a details action.
CVE-2010-4821 1 Phpmyfaq 1 Phpmyfaq 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2010-4825 2 Pleer, Wordpress 2 Wp-twitter-feed, Wordpress 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in magpie_debug.php in the Twitter Feed plugin (wp-twitter-feed) 0.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2011-2172 1 Ibm 1 Websphere Portal 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4960 2 Martin Hesse, Typo3 2 Mh Branchenbuch, Typo3 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka Yellow Pages or mh_branchenbuch) extension before 0.9.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-5095 1 Silverstripe 1 Silverstripe 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before 2.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to DataObjectSet pagination.
CVE-2011-2958 1 Ecava 1 Integraxor 2017-08-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ecava IntegraXor before 3.60 (Build 4080) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-2675 1 Utage.org 1 Enkai 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Enkai-kun before 110916 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-5007 1 Ut-files 1 Utstats 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in pages/match_report.php in UTStats Beta 4 and earlier allows remote attackers to inject arbitrary web script or HTML via the mid parameter.
CVE-2010-4895 1 Chillycms 1 Chillycms 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the username field). NOTE: some of these details are obtained from third party information.
CVE-2010-5192 1 Bluecoat 16 Proxysg, Proxysg Sg210-10, Proxysg Sg210-25 and 13 more 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Java Management Console in Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4823 1 Silverstripe 1 Silverstripe 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions."
CVE-2010-4978 1 Nicholas Berry 1 Candid 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in image/view.php in CANDID allows remote attackers to inject arbitrary web script or HTML via the image_id parameter.
CVE-2011-2606 1 Ibm 1 Rational Team Concert 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational Team Concert (RTC) 3.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Work Item 165511.
CVE-2011-2020 1 Tibco 2 Iprocess Engine, Iprocess Workspace 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-2644 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an RPM info display.
CVE-2011-2510 1 Dokuwiki 1 Dokuwiki 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link.
CVE-2010-5097 1 Typo3 1 Typo3 2017-08-29 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the click enlarge functionality in TYPO3 4.3.x before 4.3.9 and 4.4.x before 4.4.5 when the caching framework is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-2976 1 Mozilla 1 Bugzilla 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, and 3.4.x before 3.4.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving a BUGLIST cookie.
CVE-2011-2226 2 Marcus Schafer, Novell 2 Kiwi, Suse Studio Onsite 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a pattern listing.