CWE-79 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (42958 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2014-0330	1 Dell	2 Kace K1000 Systems Management Appliance, Kace K1000 Systems Management Appliance Software	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter.
CVE-2012-1781	1 Socialcms	1 Socialcms	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in ajax/commentajax.php in SocialCMS 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) TREF_email_address or (2) TR_name parameters.
CVE-2014-0332	1 Sonicwall	3 Analyzer, Global Management System, Uma E5000	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action.
CVE-2012-1787	1 Webglimpse	1 Webglimpse	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in Webglimpse 2.20.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) FILE, or (3) DOMAIN parameters.
CVE-2010-3926	1 Wb-i	2 Sgx-sp Final, Sgx-sp Final Ne	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in SGX-SP Final before 11.00 and SGX-SP Final NE before 11.00 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-2068	2 Drupal, Tiger-fish	2 Drupal, Fancy Slide	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter.
CVE-2012-2059	2 Drupal, Steve Lockwood	2 Drupal, Ticketyboo News Ticker	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4759	1 Magnolia-cms	2 Magnolia Cms, Magnolia Form Module	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.
CVE-2012-1814	1 Emerson	3 Deltav, Deltav Proessentials Scientific Graph, Deltav Workstation	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials Scientific Graph 5.0.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1059	1 Oscommerce	1 Online Merchant	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt module.
CVE-2012-1956	2 Mozilla, Redhat	4 Firefox, Seamonkey, Thunderbird and 1 more	2025-04-11	N/A
Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 do not prevent use of the Object.defineProperty method to shadow the location object (aka window.location), which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving a plugin.
CVE-2012-1944	2 Mozilla, Redhat	5 Firefox, Seamonkey, Thunderbird and 2 more	2025-04-11	N/A
The Content Security Policy (CSP) implementation in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 does not block inline event handlers, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document.
CVE-2013-4372	1 Redhat	6 Fuse Esb Enterprise, Fuse Management Console, Fuse Mq Enterprise and 3 more	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.
CVE-2010-4783	1 Phpwebscripts	1 Easy Banner Free	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters.
CVE-2010-1332	1 Prettybook	1 Prettyformmail	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3985	2 Hp, Microsoft	2 Operations Orchestration, Internet Explorer	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9.0, when Internet Explorer 6.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-5010	1 Schoolmation	1 Schoolmation	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in schoolmv2/html/studentmain.php in SchoolMation 2.3 allows remote attackers to inject arbitrary web script or HTML via the session parameter.
CVE-2010-1333	1 Almas	1 Compiere	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Almas Inc. Compiere J300_A02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6914	1 Cybozu	1 Garoon	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-1077	1 Apache	1 Archiva	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

« first previous Page 817 of 2148. next last »