Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 34649 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-5307 1 Ibm 1 Lotus Notes Traveler 2012-10-08 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825.
CVE-2012-4825 1 Ibm 1 Lotus Notes Traveler 2012-10-08 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action.
CVE-2010-5275 2 Drupal, Memcache Project 2 Drupal, Memcache 2012-10-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4909 1 Joomla 1 Joomla\! 2012-10-08 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.
CVE-2011-4910 1 Joomla 1 Joomla\! 2012-10-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2012-1898 1 Ivano Binetti 1 Wolf Cms 2012-10-02 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in wolfcms/admin/user/add in Wolf CMS 0.75 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user[name], (2) user[email], or (3) user[username] parameters.
CVE-2012-1604 1 Nextbbs 1 Nextbbs 2012-10-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote attackers to inject arbitrary web script or HTML via the do parameter to index.php.
CVE-2012-5233 2 Drupal, Luke Herrington 2 Drupal, Stickynote 2012-10-02 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vecotrs.
CVE-2012-1470 1 Ocportal 1 Ocportal 2012-10-02 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.
CVE-2012-2274 1 Pivotx 1 Pivotx 2012-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in PivotX 2.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVE-2012-1829 1 Efstechnology 1 Autoform Pdm Archive 2012-09-29 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM Archive before 6.920 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields.
CVE-2011-2083 1 Bestpractical 1 Rt 2012-09-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-4015 2 Microsoft, Mylittletools 2 Sql Server, Mylittleadmin 2012-09-25 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted database entry.
CVE-2011-5191 2 Blairwilliams, Wordpress 2 Pretty Link Lite Plugin, Wordpress 2012-09-24 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5192.
CVE-2011-5192 2 Blairwilliams, Wordpress 2 Pretty Link Lite Plugin, Wordpress 2012-09-24 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty Link Lite plugin before 1.5.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the slug parameter, a different vulnerability than CVE-2011-5191.
CVE-2012-1632 2 Drupal, Erik Webb 2 Drupal, Password Policy 2012-09-20 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in password_policy.admin.inc in the Password Policy module before 6.x-1.4 and 7.x-1.0 beta3 for Drupal allows remote authenticated users with administer policies permissions to inject arbitrary web script or HTML via the name parameter.
CVE-2011-5185 1 Realmatrix 1 Online Subtitles Workshop 2012-09-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in video_comments.php in Online Subtitles Workshop before 2.0 rev 131 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.
CVE-2012-1651 2 Drupal, Thinkleft 2 Drupal, Submenu Tree 2012-09-20 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-3031 1 Siemens 2 Simatic Pcs7, Wincc 2012-09-19 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header.
CVE-2012-4968 1 Silverstripe 1 Silverstripe 2012-09-18 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976.