Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-6017 1 Atmail 1 Atmail 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.
CVE-2015-2064 1 Dlguard 1 Dlguard 2016-12-30 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, and 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) c, or (3) redirect parameter to index.php or (4) search field (searchTerm parameter) in the main page.
CVE-2013-2031 2 Gentoo, Mediawiki 2 Linux, Mediawiki 2016-12-30 4.3 MEDIUM N/A
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.
CVE-2013-4995 1 Phpmyadmin 1 Phpmyadmin 2016-12-30 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information.
CVE-2013-7250 1 Projectforge 1 Projectforge 2016-12-30 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion string, related to web/core/JsonBuilder.java and web/wicket/autocompletion/PFAutoCompleteBehavior.java.
CVE-2013-7241 1 Zenphoto 1 Zenphoto 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2013-7258 1 Web2ldap 1 Web2ldap 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "displaying group DN and entry data in group administration UI."
CVE-2013-5005 1 Tripwire 1 Tripwire Enterprise 2016-12-30 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_target_class_name, (2) m_target_method_name, or (3) m_request_context_params parameters.
CVE-2013-4996 1 Phpmyadmin 1 Phpmyadmin 2016-12-30 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted database name, (2) a crafted user name, (3) a crafted logo URL in the navigation panel, (4) a crafted entry in a certain proxy list, or (5) crafted content in a version.json file.
CVE-2013-5094 1 Mcafee 1 Vulnerability Manager 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
CVE-2015-4127 1 Church Admin Project 1 Church Admin 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
CVE-2015-2960 1 Zohocorp 1 Manageengine Netflow Analyzer 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-3921 1 Coppermine-gallery 1 Coppermine Photo Gallery 2016-12-30 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter.
CVE-2015-4135 1 Phpwind 1 Phpwind 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2016-7463 1 Vmware 1 Esxi 2016-12-30 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM.
CVE-2016-2934 1 Ibm 1 Bigfix Remote Control 2016-12-30 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-1978 1 Ibm 1 Tivoli Directory Server 2016-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-9681 1 S9y 1 Serendipity 2016-12-30 3.5 LOW 5.4 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.
CVE-2015-4198 1 Cisco 1 Web Security Appliance 2016-12-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an unspecified HTTP header, aka Bug ID CSCuu24409.
CVE-2015-4210 1 Cisco 1 Webex Meeting Center 2016-12-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806.