Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 28117 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-6156 1 Secureideas 1 Basic Analysis And Security Engine 2012-07-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in base_qry_main.php in Base Analysis and Security Engine (BASE) before 1.3.9 allow remote attackers to inject arbitrary web script or HTML via the (1) sig[0] and (2) sig[1] parameters.
CVE-2012-3232 1 Webatall 1 Web\@all 2012-07-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, as downloaded before May 30, 2012, allows remote attackers to inject arbitrary web script or HTML via the _text[title] parameter.
CVE-2012-0323 2 Paul Lesniewsk, Squirrelmail 2 Autocomplete, Squirrelmail 2012-07-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4956 1 Wordpress 1 Wordpress 2012-06-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1253 1 Roundcube 1 Webmail 2012-06-28 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 0.7, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via vectors involving an embedded image attachment.
CVE-2012-3790 1 Adiscon 1 Loganalyzer 2012-06-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action.
CVE-2012-2637 1 Kent-web 1 Web Patio 2012-06-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier might allow remote attackers to inject arbitrary web script or HTML via a crafted cookie.
CVE-2012-2638 1 Wap2 1 Smallpict 2012-06-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT before 2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2636 1 Kent-web 1 Web Patio 2012-06-20 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2634 1 Newsgator 1 Feeddemon 2012-06-18 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when the feed preview option is enabled, allows remote attackers to inject arbitrary web script or HTML via a feed.
CVE-2012-2631 1 Atmarkweb 2 \@web Shoppingcart, \@web Shoppingcart T 2012-06-15 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB ShoppingCart before 1.5.2.0, and @WEB ShoppingCart T 1.5.0.1 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-2545 1 Cisco 18 Spa2102 Phone Adapter With Router, Spa2102 Phone Adapter With Router Firmware, Spa3102 Voice Gateway With Router and 15 more 2012-06-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the SIP implementation on the Cisco SPA8000 and SPA8800 before 6.1.11, SPA2102 and SPA3102 before 5.2.13, and SPA 500 series IP phones before 7.4.9 allows remote attackers to inject arbitrary web script or HTML via the FROM field of an INVITE message, aka Bug IDs CSCtr27277, CSCtr27256, CSCtr27274, and CSCtr14715.
CVE-2012-2604 1 Bradfordnetworks 2 Network Sentry Appliance, Network Sentry Appliance Software 2012-06-13 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp in the Guest/Contractor access component in the administrative interface in Bradford Network Sentry before 5.3.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields.
CVE-2012-2595 1 Siemens 1 Wincc 2012-06-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors involving special characters in parameters.
CVE-2012-1825 1 Forescout 1 Counteract 2012-06-12 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter.
CVE-2011-3317 1 Cisco 1 Secure Access Control Server 2012-06-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtr78192.
CVE-2008-1082 1 Opera 1 Opera Browser 2012-06-07 4.3 MEDIUM N/A
Opera before 9.26 allows remote attackers to "bypass sanitization filters" and conduct cross-site scripting (XSS) attacks via crafted attribute values in an XML document, which are not properly handled during DOM presentation.
CVE-2008-5682 1 Opera 1 Opera Browser 2012-06-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates.
CVE-2012-1252 1 Rssowl 1 Rssowl 2012-06-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a feed, a different vulnerability than CVE-2006-4760.
CVE-2010-2491 1 Roundup-tracker 1 Roundup 2012-05-31 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.14 allows remote attackers to inject arbitrary web script or HTML via the template argument to the /issue program.