Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-1000042 1 Mapbox Project 1 Mapbox 2017-07-20 4.3 MEDIUM 6.1 MEDIUM
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name.
CVE-2017-1000059 1 Livehelperchat 1 Live Helper Chat 2017-07-20 4.3 MEDIUM 6.1 MEDIUM
Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users.
CVE-2017-7276 1 Topdesk 1 Topdesk 2017-07-20 4.3 MEDIUM 6.1 MEDIUM
There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before 7.03.019.
CVE-2016-8946 1 Ibm 1 Emptoris Sourcing 2017-07-20 3.5 LOW 5.4 MEDIUM
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118833.
CVE-2016-6114 1 Ibm 1 Emptoris Sourcing 2017-07-20 3.5 LOW 5.4 MEDIUM
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 118352.
CVE-2017-2172 1 Cybozu 1 Kunai 2017-07-20 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 to 3.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2017-1000011 1 Mywebsql 1 Mywebsql 2017-07-20 4.3 MEDIUM 6.1 MEDIUM
MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information
CVE-2006-5843 1 Speedywiki 1 Speedywiki 2017-07-19 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2.0 allows remote attackers to inject arbitrary web script or HTML via the showRevisions parameter.
CVE-2006-5847 1 Freewebshop 1 Freewebshop 2017-07-19 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2006-6035 1 F-art Agency 1 Blog Cms 2017-07-19 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter.
CVE-2006-5860 1 Adobe 2 Coldfusion, Jrun 2017-07-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the administrator console for Adobe JRun 4.0, as used in ColdFusion, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2006-6046 1 Epic Designs 1 Eggblog 2017-07-19 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) edit parameter to (a) admin/articles.php or (b) admin/comments.php, or the (2) add parameter to admin/users.php.
CVE-2006-6108 1 Ec-cube 1 Ec-cube 2017-07-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2006-5080 1 Six Apart 1 Movable Type 2017-07-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-5486 1 Sun 2 Iplanet Messaging Server, Java System Messaging Server 2017-07-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages.
CVE-2006-4542 2 Usermin, Webmin 2 Usermin, Webmin 2017-07-19 6.8 MEDIUM N/A
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
CVE-2006-4727 1 Tumbleweed 1 Email Firewall 2017-07-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in emfadmin/statusView.do in Tumbleweed EMF Administration Module 6.2.2 Build 4123, and possibly other versions before 6.3.2, allows remote attackers to inject arbitrary web script or HTML via the (1) lineId and (2) sort parameters.
CVE-2006-3087 1 Ezgallery 1 Ezgallery 2017-07-19 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pUserID, (2) aid, (3) aname, (4) uid, and (5) m parameter in (a) common/galleries.asp; (6) aid, (7) aname, (8) uid, (9) m, (10) gp, and (11) g parameter in (b) common/pupload.asp; and (12) msg, (13) fn and (14) gp parameter in (c) common/upload.asp.
CVE-2006-3138 1 Accomplishtechnology 1 Phpmydirectory 2017-07-19 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3) action parameter in cp/admin_index.php.
CVE-2006-3306 1 Zoid Technologies 1 Project Eros Bbsengine 2017-07-19 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the preparestring function in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, might allow remote attackers to inject arbitrary web script or HTML via unknown vectors.