CWE-79 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (42958 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2013-5095	1 Juniper	3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka PR 884469.
CVE-2013-5098	2 Mikejolley, Wordpress	2 Download Monitor, Wordpress	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262.
CVE-2013-5131	1 Apple	1 Iphone Os	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2013-5210	1 Adtran	3 Aos, Netvanta 7060, Netvanta 7100	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5222	1 Esri	1 Arcgis Server	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5305	2 Joachim Ruhs, Typo3	2 Locator, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5307	2 Kennziffer, Typo3	2 Ke Search, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5308	2 Juralsulek, Typo3	2 Realurlmanagement, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-5314	1 S9y	1 Serendipity	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.
CVE-2013-5317	1 Ritecms	1 Ritecms	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php.
CVE-2013-5326	1 Adobe	1 Coldfusion	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the logviewer directory.
CVE-2013-5695	1 Opsview	1 Opsview	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to info/host/ or (3) viewport/, (4) back parameter to login, or (5) "from" parameter to status/service/recheck.
CVE-2013-5698	1 Open-xchange	2 Open-xchange Appsuite, Open-xchange Server	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106.
CVE-2013-5744	1 Fengoffice	1 Feng Office	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter.
CVE-2013-5913	1 Oxid-esales	1 Eshop	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the getRecommSearch function in recommlist.php in OXID eShop before 4.6.7, Professional and Community Edition 4.7.x before 4.7.8, and Enterprise Edition 5.x before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via the searchrecomm parameter.
CVE-2013-5938	2 Click2sell, Drupal	2 Click2sell Suite Module, Drupal	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form.
CVE-2013-6374	1 Jenkins-ci	1 Build Failure Analyzer	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6416	1 Rubyonrails	1 Rails	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.
CVE-2013-6395	1 Ganglia	1 Ganglia-web	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, which is processed by get_context.php.
CVE-2013-6415	3 Redhat, Rhel Sam, Rubyonrails	5 Openstack, Rhel Software Collections, 1.4 and 2 more	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.

« first previous Page 836 of 2148. next last »