Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-3047 1 Phpmyfaq 1 Phpmyfaq 2016-10-17 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php.
CVE-2005-0896 1 Accomplishtechnology 1 Phpmydirectory 2016-10-17 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter.
CVE-2003-0310 1 Ez 1 Ez Publish 2016-10-17 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script.
CVE-2002-2340 1 Phorum 1 Phorum 2016-10-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response.
CVE-2002-0270 1 Opera Software 1 Opera Web Browser 2016-10-17 4.3 MEDIUM N/A
Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
CVE-2016-7571 1 Drupal 1 Drupal 2016-10-04 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.
CVE-2016-5398 1 Redhat 1 Jboss Bpm Suite 2016-10-04 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.
CVE-2014-2018 1 Mozilla 3 Seamonkey, Thunderbird, Thunderbird Esr 2016-10-03 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674.
CVE-2016-0927 1 Pivotal Software 1 Cloud Foundry Elastic Runtime 2016-09-30 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2012-1038 1 Juniper 1 Networks Mobility System Software 2016-09-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5.3, and other unspecified versions before 7.4 and 7.3 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter name.
CVE-2016-6913 1 Alienvault 2 Open Source Security Information And Event Management, Unified Security Management 2016-09-28 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php.
CVE-2016-5974 1 Ibm 1 Security Privileged Identity Manager Virtual Appliance 2016-09-28 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.
CVE-2016-6840 1 Huawei 1 Oceanstor Ism 2016-09-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors.
CVE-2016-5395 1 Apache 1 Ranger 2016-09-27 3.5 LOW 4.8 MEDIUM
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.
CVE-2016-4969 1 Fortinet 1 Fortiwan 2016-09-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php.
CVE-2013-6711 1 Cisco 1 Webex Sales Center 2016-09-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul25540.
CVE-2013-6690 1 Cisco 1 Prime Collaboration 2016-09-15 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCui92643, CSCui94038, and CSCui94161.
CVE-2013-6974 1 Cisco 1 Secure Access Control System 2016-09-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431.
CVE-2014-3265 1 Cisco 1 Security Manager 2016-09-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuo06900.
CVE-2014-9517 1 D-link 2 Dcs-2103 Hd Cube Network Camera, Dcs-2103 Hd Cube Network Camera Firmware 2016-09-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm.