Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4966 1 Atcom 1 Netvolution 2012-05-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in default.asp in ATCOM Netvolution allows remote attackers to inject arbitrary web script or HTML via the query parameter in a Search action.
CVE-2011-0459 1 Cyber-ark 1 Password Vault Web Access 2012-05-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault Web Access (PVWA) 5.0 and earlier, 5.5 through 5.5 patch 4, and 6.0 through 6.0 patch 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-2661 1 Novell 1 Groupwise 2012-05-13 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 8.0 before HP3 allow remote attackers to inject arbitrary web script or HTML via the (1) Directory.Item.name or (2) Directory.Item.displayName parameter.
CVE-2011-1221 1 Realnetworks 2 Realplayer, Realplayer Sp 2012-05-13 4.3 MEDIUM N/A
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947.
CVE-2011-4777 2 Microsoft, Parallels 3 Windows 2003 Server, Windows Server 2008, Parallels Plesk Panel 2012-05-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to inject arbitrary web script or HTML via the login parameter to preferences.html.
CVE-2011-4170 1 Gnome 1 Empathy 2012-05-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.
CVE-2012-1807 1 Koyo 8 H0-ecom, H0-ecom100, H2-ecom and 5 more 2012-04-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1030 1 Dotnetnuke 1 Dotnetnuke 2012-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup.
CVE-2012-1036 1 Dotnetnuke 1 Dotnetnuke 2012-04-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message.
CVE-2012-1782 1 Osqa 1 Osqa 2012-03-19 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in questions/ask in OSQA 3b allow remote attackers to inject arbitrary web script or HTML via the (1) url bar or (2) picture bar.
CVE-2012-0404 1 Emc 1 Documentum Eroom 2012-03-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom before 7.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-0688 1 Tibco 5 Activematrix Bpm, Activematrix Businessworks Service Engine, Activematrix Service Bus and 2 more 2012-03-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ActiveMatrix Service Grid Distribution 3.1.3, Service Grid and Service Bus 3.x before 3.1.5, BusinessWorks Service Engine 5.9.x before 5.9.3, and BPM before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4264 1 Etomite 1 Etomite 2012-03-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4265 1 Phpwebsite 1 Phpwebsite 2012-03-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-4054 1 Ca 1 Siteminder 2012-03-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter.
CVE-2012-1410 1 Kadu 1 Kadu 2012-02-29 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the History Window implementation in Kadu 0.9.0 through 0.11.0 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) SMS message, (2) presence message, or (3) status description.
CVE-2012-1087 2 Bluechip, Typo3 2 Bc Post2facebook, Typo3 2012-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1081 2 Roderick Braun, Typo3 2 Ya Googlesearch, Typo3 2012-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1080 1 Typo3 2 Skt Eurocalc, Typo3 2012-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Euro Calculator (skt_eurocalc) extension 0.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1086 1 Typo3 2 Aeurltool, Typo3 2012-02-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) extension 0.1.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.