Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 34649 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-7896 1 Hp 4 Xp7 Global Link Manager Software, Xp P9000 Device Manager, Xp P9000 Replication Manager and 1 more 2015-03-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-2182 1 Ajsquare 1 Zeuscart 2015-03-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 allow remote attackers to inject arbitrary web script or HTML via the (1) schltr parameter in a brands action or (2) brand parameter in a viewbrands action to index.php. NOTE: The search parameter vector is already covered by CVE-2010-5322.
CVE-2010-5322 1 Ajsquare 1 Zeuscart 2015-03-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to index.php.
CVE-2015-2244 1 Webshophun 1 Webshop Hun 2015-03-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) center, (3) lap, (4) termid, or (5) nyelv_id parameter to index.php.
CVE-2015-2197 1 Entity Api Project 1 Entity Api 2015-03-04 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.
CVE-2015-2198 1 Beehive Forum 1 Beehive Forum 2015-03-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message.
CVE-2015-2088 1 Term Queue Project 1 Term Queue 2015-02-26 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2015-2086 1 Panopoly Magic Project 1 Panopoly Magic 2015-02-26 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the live preview in the Panopoly Magic module before 7.x-1.17 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a pane title.
CVE-2015-2043 1 Visualware 1 Myconnection Server 2015-02-26 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitrary web script or HTML via the (1) bt, (2) variable, or (3) et parameter to myspeed/db/historyitem.
CVE-2015-1603 1 Adminsystems Cms Project 1 Adminsystems Cms 2015-02-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id parameter in a users_users action to asys/site/system.php.
CVE-2015-1879 1 Google Doc Embedder 1 Google Doc Embedder 2015-02-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php.
CVE-2015-0623 1 Cisco 1 Web Security Appliance 2015-02-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus40627.
CVE-2015-1451 1 Fortinet 1 Fortios 2015-02-19 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow remote authenticated users to inject arbitrary web script or HTML via the (1) WTP Name or (2) WTP Active Software Version field in a CAPWAP Join request.
CVE-2014-6301 1 Pnmsoft 1 Sequence Kinetics 2015-02-19 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the tables-management module in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1619 1 Mcafee 1 Email Gateway 2015-02-18 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages.
CVE-2015-1617 1 Mcafee 1 Data Loss Prevention Endpoint 2015-02-18 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1621 1 Webform Prepopulate Block Project 1 Webform Prepopulate Block 2015-02-18 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7850 1 Freeipa 1 Freeipa 2015-02-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.
CVE-2015-0873 1 Homepage Decorator 1 Perltreebbs 2015-02-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlTreeBBS 2.30 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1582 1 Web-dorado 1 Spider Facebook 2015-02-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter in a registration task to the default URI or remote administrators to inject arbitrary web script or HTML via the (2) asc_or_desc, (3) order_by, (4) page_number, (5) serch_or_not, or (6) search_events_by_title parameter in (a) the Spider_Facebook_manage page to wp-admin/admin.php or a (b) selectpagesforfacebook or (c) selectpostsforfacebook action to wp-admin/admin-ajax.php.