Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 34649 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-6921 1 Zendesk 1 Zendesk Feedback Tab 2015-09-14 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6919 1 Googlesearch Project 1 Googlesearch 2015-09-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q parameter to index.php.
CVE-2015-6751 1 Time Tracker Project 1 Time Tracker 2015-09-11 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Time Tracker module 7.x-1.x before 7.x-1.4 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via a (1) note added to a time entry or an (2) activity used to categorize time tracker entries.
CVE-2015-0139 1 Ibm 1 Websphere Portal 2015-09-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-0521 1 Emc 2 Rsa Certificate Manager, Rsa Registration Manager 2015-09-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter.
CVE-2015-0522 1 Emc 2 Rsa Certificate Manager, Rsa Registration Manager 2015-09-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter.
CVE-2015-0129 1 Ibm 1 Rational Quality Manager 2015-09-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-0177 1 Ibm 1 Websphere Portal 2015-09-11 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-0714 1 Cisco 1 Finesse 2015-09-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.
CVE-2014-3408 1 Cisco 1 Prime Optical 2015-09-10 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763.
CVE-2014-2853 1 Mediawiki 1 Mediawiki 2015-09-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action.
CVE-2014-7280 1 Tenable 1 Web Ui 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.
CVE-2014-5316 1 Dotclear 1 Dotclear 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page.
CVE-2014-5242 1 Mediawiki 1 Mediawiki 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value.
CVE-2014-5191 1 Ckeditor 1 Ckeditor 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2989 1 Lemon-s Php 1 Twit Bbs 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attackers to inject arbitrary web script or HTML via the imagetitle parameter.
CVE-2015-2986 1 Rakuto 1 Rktsns2 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji (rktSNS2) 0.2.2b allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2985 1 Guide-park 1 Bbs X102 2015-09-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-6810 1 Invisionpower 1 Invision Power Board 2015-09-04 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.
CVE-2015-6809 1 Bedita 1 Bedita 2015-09-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection.