Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-0513 1 Emc 2 Vipr Srm, Watch4net 2017-01-02 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.
CVE-2014-9569 1 Sap 1 Netweaver Business Client For Html 2017-01-02 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285.
CVE-2014-7852 1 Redhat 1 Jboss Enterprise Portal Platform 2017-01-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file.
CVE-2014-8012 1 Cisco 1 Adaptive Security Appliance Software 2017-01-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login page in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to inject arbitrary web script or HTML via crafted attributes in a cookie, aka Bug ID CSCuh24695.
CVE-2014-8018 1 Cisco 1 Unified Communications Domain Manager 2017-01-02 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur19630, and CSCur19661.
CVE-2014-8026 1 Cisco 1 Jabber Guest 2017-01-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco Jabber allows remote attackers to inject arbitrary web script or HTML via a (1) GET or (2) POST parameter, aka Bug ID CSCus08074.
CVE-2014-8618 1 Fortinet 6 Fortiadc-1500d, Fortiadc-2000d, Fortiadc-200d and 3 more 2017-01-02 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-8986 1 Mantisbt 1 Mantisbt 2017-01-02 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators to inject arbitrary web script or HTML via a crafted config option, a different vulnerability than CVE-2014-8987.
CVE-2013-2205 1 Wordpress 1 Wordpress 2016-12-30 4.3 MEDIUM N/A
The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.
CVE-2013-6037 1 Aker 1 Secure Mail Gateway 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter.
CVE-2013-7368 1 Raoul Proenca 1 Gnew 2016-12-30 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id parameter to news/submit.php; news_id parameter to (5) news/send.php or (6) comments/add.php; or (7) post_subject or (8) thread_id parameter to posts/edit.php.
CVE-2013-7365 1 Sap 1 Enterprise Portal 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2013-7277 1 Aphpkb 1 Aphpkb 2016-12-30 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to saa.php, (2) username parameter to login.php, or (3) keyword_list parameter to keysearch.php.
CVE-2013-7389 1 D-link 2 Dir-645, Dir-645 Firmware 2016-12-30 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.
CVE-2013-5583 1 Joomla 1 Joomla\! 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2015-0344 1 Adobe 1 Connect 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1389 1 Arubanetworks 1 Clearpass Policy Manager 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.
CVE-2015-0343 1 Adobe 1 Connect 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2013-5002 1 Phpmyadmin 1 Phpmyadmin 2016-12-30 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in libraries/schema/Export_Relation_Schema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schema_export.php.
CVE-2013-5951 1 Extplorer 1 Extplorer 2016-12-30 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_move.php, (4) functions.php, (5) header.php, or (6) upload.php in include/.