Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 27423 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-6569 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.
CVE-2007-6465 1 Ganglia 1 Ganglia 2011-03-08 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in Ganglia before 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) c and (2) h parameters to (a) web/host_gmetrics.php; the (3) G, (4) me, (5) x, (6) n, (7) v, (8) l, (9) vl, and (10) st parameters to (b) web/graph.php; and the (11) c, (12) G, (13) h, (14) r, (15) m, (16) s, (17) cr, (18) hc, (19) sh, (20) p, (21) t, (22) jr, (23) js, (24) gw, (25) z, and (26) gs parameters to (c) web/get_context.php. NOTE: some of these details are obtained from third party information.
CVE-2007-6343 1 Hp 1 Openview Network Node Manager 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6219 1 Ibm 1 Tivoli Netcool Security Manager 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool Security Manager 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-6102 1 Feed2js 1 Feed2js 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Feed to JavaScript (Feed2JS) 1.91 allows remote attackers to inject arbitrary web script or HTML via a URL in a feed.
CVE-2007-5948 1 Script-fun 1 Sf-shoutbox 2011-03-08 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in main.php in SF-Shoutbox 1.2.1 through 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) nick (aka Name) and (2) shout (aka Shout) parameters.
CVE-2007-5944 1 Ibm 1 Websphere Application Server 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Servlet Engine / Web Container in IBM WebSphere Application Server (WAS) 5.1.1.4 through 5.1.1.16 allows remote attackers to inject arbitrary web script or HTML via the Expect HTTP header. NOTE: this might be the same issue as CVE-2006-3918, but there are insufficient details to be sure.
CVE-2007-5924 1 Ibm 1 Lotus Domino 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.2 FP2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-5809 1 Hitachi 14 Cosminexus Application Server Enterprise, Cosminexus Application Server Standard, Cosminexus Developer Light Version 6 and 11 more 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page.
CVE-2007-5136 1 Dragonfrugal 1 Dfd Cart 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-5046 1 Icewarp 1 Merak Mail Server 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element.
CVE-2007-4717 1 Claroline 1 Claroline 2011-03-08 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php.
CVE-2007-4542 1 University Of Minnesota 1 Mapserver 2011-03-08 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in MapServer before 4.10.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the (1) processLine function in maptemplate.c and the (2) writeError function in mapserv.c in the mapserv CGI program.
CVE-2007-3918 1 Gforge 1 Gforge 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter.
CVE-2006-6832 1 Joomla 1 Joomla 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.
CVE-2006-5859 1 Adobe 1 Coldfusion 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 and 7.0.1, when Global Script Protection is not enabled, allows remote attackers to inject arbitrary HTML and web script via unknown vectors, possibly related to Linkdirect.cfm, Topnav.cfm, and Welcomedoc.cfm.
CVE-2006-4220 1 Novell 2 Groupwise, Groupwise Webaccess 2011-03-08 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) and User.lang parameters.
CVE-2005-4245 1 Snipegallery 1 Snipe Gallery 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.
CVE-2005-3908 1 Amazon Shop 1 Amazon Shop 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in GhostScripter Amazon Shop 5.0.0, and other versions before 5.0.2, allows remote attackers to inject web script or HTML via the query parameter.
CVE-2005-2818 1 Eric Fichot 1 Downfile 2011-03-08 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php,(2) index.php, (3) del.php, or (4) add_form.php.