CWE-CWE-79 CVE - CVE Search - CVE Details

Filtered by CWE-79

Total 21765 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2013-6239	1 Exis-ti	1 Exis Contexis	2019-12-02	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the photo gallery model in Exis Contexis before 2.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter in a detail action.
CVE-2013-6878	1 Miwisoft	1 Mijosearch	2019-12-02	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Mijosoft MijoSearch component 2.0.4 and earlier for Joomla! allows remote attackers to inject arbitrary web script or HTML via the query parameter to component/mijosearch/search.
CVE-2014-2214	1 Posh Project	1 Posh	2019-12-02	4.3 MEDIUM	6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in POSH (aka Posh portal or Portaneo) 3.0 through 3.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) error parameter to /includes/plugins/mobile/scripts/login.php or (2) id parameter to portal/openrssarticle.php
CVE-2015-4457	1 Cloudera	1 Cloudera Manager	2019-12-02	3.5 LOW	5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in the Cloudera Manager UI before 5.4.3 allow remote authenticated users to inject arbitrary web script or HTML using unspecified vectors.
CVE-2019-19386	1 Fusionpbx	1 Fusionpbx	2019-12-02	4.3 MEDIUM	6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/voicemail_greetings/voicemail_greeting_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the id and/or voicemail_id parameter.
CVE-2019-19388	1 Fusionpbx	1 Fusionpbx	2019-12-02	4.3 MEDIUM	6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplan_detail_edit.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the dialplan_uuid parameter.
CVE-2019-19387	1 Fusionpbx	1 Fusionpbx	2019-12-02	4.3 MEDIUM	6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/fifo_list/fifo_interactive.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the c parameter.
CVE-2019-19385	1 Fusionpbx	1 Fusionpbx	2019-12-02	4.3 MEDIUM	6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/dialplans/dialplans.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the app_uuid parameter.
CVE-2019-19384	1 Fusionpbx	1 Fusionpbx	2019-12-02	4.3 MEDIUM	6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in app/fax/fax_log_view.php in FusionPBX 4.4.1 allows remote attackers to inject arbitrary web script or HTML via the fax_uuid parameter.
CVE-2019-18454	1 Gitlab	1 Gitlab	2019-11-27	4.3 MEDIUM	6.1 MEDIUM
An issue was discovered in GitLab Community and Enterprise Edition 10.5 through 12.4 in link validation for RDoc wiki pages feature. It has XSS.
CVE-2018-1000426	1 Jenkins	1 Git Changelog	2019-11-26	4.3 MEDIUM	6.1 MEDIUM
A cross-site scripting vulnerability exists in Jenkins Git Changelog Plugin 2.6 and earlier in GitChangelogSummaryDecorator/summary.jelly, GitChangelogLeftsideBuildDecorator/badge.jelly, GitLogJiraFilterPostPublisher/config.jelly, GitLogBasicChangelogPostPublisher/config.jelly that allows attackers able to control the Git history parsed by the plugin to have Jenkins render arbitrary HTML on some pages.
CVE-2013-5309	2 Fudforum, Ilia Alshanetsky	2 Fudforum, Fudforum	2019-11-25	2.6 LOW	N/A
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
CVE-2019-14343	1 Vocabularyserver	1 Tematres	2019-11-25	3.5 LOW	5.4 MEDIUM
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.
CVE-2014-1238	1 Ideagen	1 Q-pulse	2019-11-24	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in ui/common/managedlistdialog.aspx in Gael Q-Pulse 0.6 and earlier.
CVE-2019-15071	1 Openfind	1 Mail2000	2019-11-22	4.3 MEDIUM	6.1 MEDIUM
The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The code can executed for any user accessing the page. This vulnerability affects many mail system of governments, organizations, companies and universities.
CVE-2018-8048	2 Debian, Loofah Project	2 Debian Linux, Loofah	2019-11-22	4.3 MEDIUM	6.1 MEDIUM
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment.
CVE-2019-15072	1 Openfind	1 Mail2000	2019-11-21	4.3 MEDIUM	6.1 MEDIUM
The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerability affects many mail system of governments, organizations, companies and universities.
CVE-2011-3352	1 Ziku	1 Zikula	2019-11-21	3.5 LOW	4.8 MEDIUM
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context of the affected website.
CVE-2010-4659	1 Status	1 Statusnet	2019-11-21	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.
CVE-2019-18982	1 Pimcore	1 Pimcore	2019-11-21	4.3 MEDIUM	6.1 MEDIUM
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.

Vulnerabilities (CVE)