CWE-CWE-79 CVE - Yack CVE

Filtered by CWE-79

Total 42233 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2014-9021	1 Zteusa	1 Zxdsl 831	2025-04-12	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69cConnReqPwd, or (5) tr69cDebugEnable parameter to the TR-069 client page (tr69cfg.cgi); the (6) timezone parameter to the Time and date page (sntpcfg.sntp); or the (7) hostname parameter in a save action to the Quick Stats page (psilan.cgi). NOTE: this issue was SPLIT from CVE-2014-9020 per ADT1 due ... Show More
CVE-2014-9146	1 Fiyo	1 Fiyo Cms	2025-04-12	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php.
CVE-2016-6319	1 Theforeman	1 Foreman	2025-04-12	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter.
CVE-2012-6430	1 Opensolution	2 Quick Cart, Quick Cms	2025-04-12	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140.
CVE-2014-4581	1 Wpcb Project	1 Wpcb	2025-04-12	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in facture.php in the WPCB plugin 2.4.8 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2012-6316	1 Tp-link	2 Tl-wr841n, Tl-wr841n Firmware	2025-04-12	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK TL-WR841N router with firmware 3.13.9 Build 120201 Rel.54965n and earlier allow remote administrators to inject arbitrary web script or HTML via the (1) username or (2) pwd parameter to userRpm/NoipDdnsRpm.htm.
CVE-2015-0299	1 Open Source Point Of Sale Project	1 Open Source Point Of Sale	2025-04-12	4.0 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-4724	1 Custom Banners Project	1 Custom Banners	2025-04-12	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in the Custom Banners plugin 1.2.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_banners_registered_name parameter to wp-admin/options.php.
CVE-2014-2242	1 Mediawiki	1 Mediawiki	2025-04-12	4.3 MEDIUM	N/A
includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.
CVE-2014-3808	2 Barracudadrive, Realtimelogic	2 Barracudadrive, Barracudadrive	2025-04-12	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) role parameter to roles.lsp, (2) name parameter to user.lsp, (3) path parameter to wizard/setuser.lsp, (4) host parameter to tunnelconstr.lsp, or (5) newpath parameter to wfsconstr.lsp in rtl/protected/admin/.
CVE-2016-1306	1 Sun	1 Opensolaris	2025-04-12	4.3 MEDIUM	6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466.
CVE-2015-5500	1 Navigate Project	1 Navigate	2025-04-12	3.5 LOW	N/A
Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-6145	1 Ibm	1 Cognos Business Intelligence	2025-04-12	3.5 LOW	N/A
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence 10.1 before IF10, 10.1.1 before IF9, 10.2 before IF11, 10.2.1 before IF8, and 10.2.1.1 before IF7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2014-3324	1 Cisco	1 Telepresence Server Software	2025-04-12	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060.
CVE-2014-3876	1 Ulli Horlacher	1 Fex	2025-04-12	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc.
CVE-2016-5305	1 Symantec	1 Endpoint Protection Manager	2025-04-12	3.5 LOW	5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack.
CVE-2011-5283	1 Smoothwall	1 Smoothwall	2025-04-12	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in the web management interface in httpd/cgi-bin/ipinfo.cgi in Smoothwall Express 3.1 and 3.0 SP3 and earlier allows remote attackers to inject arbitrary web script or HTML via the IP parameter in a Run action.
CVE-2014-8619	1 Fortinet	1 Fortiweb	2025-04-12	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-1759	1 Opensource Technologies	1 Responsive Logo Slideshow	2025-04-12	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in the Responsive Logo Slideshow plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the "URL and Image" field.
CVE-2016-9998	1 Spip	1 Spip	2025-04-12	4.3 MEDIUM	6.1 MEDIUM
SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.
CVE-2015-2241	1 Djangoproject	1 Django	2025-04-12	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a model attribute in ModelAdmin.readonly_fields, as demonstrated by a @property.
CVE-2013-3943	1 Dotnetnuke	1 Dotnetnuke	2025-04-12	3.5 LOW	N/A
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.
CVE-2013-7389	1 Dlink	2 Dir-645, Dir-645 Firmware	2025-04-12	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.
CVE-2014-8744	1 Drupal	1 Nivo Slider	2025-04-12	3.5 LOW	N/A
Cross-site scripting (XSS) vulnerability in the Nivo Slider module 7.x-2.x before 7.x-1.11 for Drupal allows remote authenticated users with the "administer nivo slider" permission to inject arbitrary web script or HTML via an image title.
CVE-2014-8578	1 Openstack	1 Horizon	2025-04-12	3.5 LOW	N/A
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475.
CVE-2014-2711	1 Juniper	1 Junos	2025-04-12	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3 before 12.3R6, 13.1 before 13.1R4, 13.2 before 13.2R3, and 13.3 before 13.3R1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-7830	1 Moodle	1 Moodle	2025-04-12	3.5 LOW	N/A
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter.
CVE-2015-6058	1 Microsoft	1 Edge	2025-04-12	4.3 MEDIUM	N/A
Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass."
CVE-2016-5148	1 Google	1 Chrome	2025-04-12	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)."
CVE-2014-8380	1 Splunk	1 Splunk	2025-04-12	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression.
CVE-2014-5345	1 Disqus	1 Disqus Comment System	2025-04-12	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus Comment System plugin before 2.76 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter.
CVE-2015-2681	1 Asus	2 Rt-g32, Rt-g32 Firmware	2025-04-12	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 routers with firmware 2.0.2.6 and 2.0.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) next_page, (2) group_id, (3) action_script, or (4) flag parameter to start_apply.htm.
CVE-2014-4820	1 Ibm	1 Integration Bus Manufacturing Pack	2025-04-12	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in IBM Integration Bus Manufacturing Pack 1.x before 1.0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-6173	1 Ibm	1 Business Process Manager	2025-04-12	3.5 LOW	N/A
Cross-site scripting (XSS) vulnerability in the Process Inspector in IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3 and 8.5.x through 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-1396	1 Cisco	6 Rv110w Wireless-n Vpn Firewall, Rv110w Wireless-n Vpn Firewall Firmware, Rv130w Wireless-n Multifunction Vpn Router and 3 more	2025-04-12	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.
CVE-2014-3266	1 Cisco	1 Security Manager	2025-04-12	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCun65189.
CVE-2014-0149	1 Redhat	1 Jboss Web Framework Kit	2025-04-12	4.3 MEDIUM	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name.
CVE-2013-2695	1 Wpsymposiumpro	1 Wp Symposium	2025-04-12	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter.
CVE-2014-6620	1 Arubanetworks	1 Clearpass	2025-04-12	4.3 MEDIUM	N/A
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-1000148	1 S3-video Project	1 S3-video	2025-04-12	4.3 MEDIUM	6.1 MEDIUM
Reflected XSS in wordpress plugin s3-video v0.983

Vulnerabilities (CVE)