CWE-79— Cross-site Scripting (XSS)
41,291 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-79page 10 of 826
- CVE-2007-5280NONECVSS 0.0EG 0.02007-10-09
Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in (1) success or (2) error messages.
- CVE-2007-5290NONECVSS 0.0EG 0.02007-10-09
Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail Pro 3.4 and earlier; and possibly MailBee WebMail Pro ASP before 3.4.64, WebMail Lite ASP before 4.0.11, and WebMail Lite PHP before 4.0.22; allow remote attackers to i…
- CVE-2007-5291NONECVSS 0.0EG 0.02007-10-09
Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
- CVE-2007-5292NONECVSS 0.0EG 0.02007-10-09
Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Image Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the backwardDirectory parameter.
- CVE-2007-5293NONECVSS 0.0EG 0.02007-10-09
Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta (aka Phoenix) allow remote attackers to inject arbitrary web script or HTML via the (1) err_msg parameter to error.php and the (2) content parameter to templates/simple/…
- CVE-2007-5295NONECVSS 0.0EG 0.02007-10-09
Multiple cross-site scripting (XSS) vulnerabilities in index.php in (a) Wikepage Opus 13 2007.2 and (b) TipiWiki 2 allow remote attackers to inject arbitrary web script or HTML via the (1) PageContent and (2) PageName parameters.
- CVE-2007-5296NONECVSS 0.0EG 0.02007-10-09
Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp in dbList 8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) db, (2) pagesize, (3) sort, (4) strKeyWords, and (5) table parameters. NOTE: som…
- CVE-2007-5297NONECVSS 0.0EG 0.02007-10-09
Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
- CVE-2007-5302NONECVSS 0.0EG 0.02007-10-09
Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML v…
- CVE-2007-5303NONECVSS 0.0EG 0.02007-10-09
Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS Rus 2.1 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.
- CVE-2007-5304NONECVSS 0.0EG 0.02007-10-09
Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta 0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) repertimage parameter to utilisateurs/vousetesbannis.php, the (2) elseifvotetxtresultatduv…
- CVE-2007-5312NONECVSS 0.0EG 0.02007-10-09
Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 allows remote attackers to inject arbitrary web script or HTML via the (1) color parameter to pjirc/css.php and the (2) cat parameter to browse.php.
- CVE-2007-5370NONECVSS 0.0EG 0.02007-10-11
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter.
- CVE-2007-5385NONECVSS 0.0EG 0.02007-10-12
Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2007-5386NONECVSS 0.0EG 0.02007-10-12
Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string.
- CVE-2007-5403NONECVSS 0.0EG 0.02008-01-09
Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox 3.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Forename, (2) Surname, (3) Telephone, and (4) Fax fields to writeenduserenduser…
- CVE-2007-5411NONECVSS 0.0EG 0.02007-10-12
Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message.
- CVE-2007-5414NONECVSS 0.0EG 0.02007-10-12
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote chara…
- CVE-2007-5415NONECVSS 0.0EG 0.02007-10-12
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to…
- CVE-2007-5426NONECVSS 0.0EG 0.02007-10-12
Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX 2.5.4 allow remote attackers to inject arbitrary web script or HTML via the page parameter to the default URI for some directories, as demonstrated by (1) ActiveKB/ and (2)…
- CVE-2007-5427NONECVSS 0.0EG 0.02007-10-12
Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. NOTE: this might be related to CVE-2007-4189.1.
- CVE-2007-5428NONECVSS 0.0EG 0.02007-10-12
Cross-site scripting (XSS) vulnerability in UMI CMS allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to the default URI in search_do/.
- CVE-2007-5429NONECVSS 0.0EG 0.02007-10-12
Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 allows remote attackers to inject arbitrary web script or HTML via the archive parameter.
- CVE-2007-5433NONECVSS 0.0EG 0.02007-10-12
Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Site-Up 2.64 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) search mask field.
- CVE-2007-5434NONECVSS 0.0EG 0.02007-10-12
Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI.
- CVE-2007-5443NONECVSS 0.0EG 0.02007-10-14
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) the anchor tag and (2) listtags.
- CVE-2007-5455NONECVSS 0.0EG 0.02007-10-14
Cross-site scripting (XSS) vulnerability in wxis.exe in WWWISIS 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a call to the iah/iah.xis IsisScript code, possibly involving the lang or exprSearch paramet…
- CVE-2007-5459NONECVSS 0.0EG 0.02007-10-14
Cross-site scripting (XSS) vulnerability in the sidebar HTML page in the MouseoverDictionary before 0.6.2 extension for Mozilla Firefox allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2007-5472NONECVSS 0.0EG 0.02007-10-22
Cross-site scripting (XSS) vulnerability in the Server component in CA Host-Based Intrusion Prevention System (HIPS) before 8.0.0.93 allows remote attackers to inject arbitrary web script or HTML via requests that are written to logs for l…
- CVE-2007-5477NONECVSS 0.0EG 0.02007-10-16
Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod 0.48 Half-Life Dedicated Server plugin allows remote attackers to inject arbitrary web script or HTML via the redir parameter.
- CVE-2007-5478NONECVSS 0.0EG 0.02007-10-16
Cross-site scripting (XSS) vulnerability in projects in Nabh Stringbeans Portal (sbportal) 3.2 allows remote attackers to inject arbitrary web script or HTML via the project_name parameter.
- CVE-2007-5479NONECVSS 0.0EG 0.02007-10-16
Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter.
- CVE-2007-5480NONECVSS 0.0EG 0.02007-10-16
Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge InnovaShop allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to msg.jsp, and the (2) contentid parameter to tc/contents/home001.jsp.
- CVE-2007-5496NONECVSS 0.0EG 0.02008-05-23
Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 allows local users to inject arbitrary web script or HTML via a crafted (1) file or (2) process name, which triggers an Access Vector Cache (AVC) log entry in a log file used…
- CVE-2007-5547NONECVSS 0.0EG 0.02007-10-18
Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a …
- CVE-2007-5562NONECVSS 0.0EG 0.02007-10-18
Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an er…
- CVE-2007-5564NONECVSS 0.0EG 0.02007-10-18
Multiple cross-site scripting (XSS) vulnerabilities in NSSboard (formerly Simple PHP Forum) 6.1 allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags when BBcode is disabled; or the (2) user, (3) email, or (4) Rea…
- CVE-2007-5577NONECVSS 0.0EG 0.02007-10-18
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or…
- CVE-2007-5581NONECVSS 0.0EG 0.02007-11-08
Multiple cross-site scripting (XSS) vulnerabilities in mpweb/scripts/mpx.dll in Cisco Unified MeetingPlace 5.4 and earlier and 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName and (2) LastName paramet…
- CVE-2007-5582NONECVSS 0.0EG 0.02007-12-15
Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via u…
- CVE-2007-5588NONECVSS 0.0EG 0.02007-10-19
Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 allows remote attackers to inject arbitrary web script or HTML via the t parameter in search.cgi, as reachable from search.htm-dist.
- CVE-2007-5589NONECVSS 0.0EG 0.02007-10-19
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in (1) PHP_SELF in (a) server_status.php, and (b) grab_globals.lib.…
- CVE-2007-5596NONECVSS 0.0EG 0.02007-10-19
The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 places the .html extension on a whitelist, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading .html files.
- CVE-2007-5598NONECVSS 0.0EG 0.02007-10-19
Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x before 4.7.x-1.0 and 5.x before 5.x-1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2007-5621NONECVSS 0.0EG 0.02007-10-22
Multiple cross-site scripting (XSS) vulnerabilities in the Token module before 4.7.x-1.5, and 5.x before 5.x-1.9, for Drupal; as used by the ASIN Field, e-Commerce, Fullname field for CCK, Invite, Node Relativity, Pathauto, PayPal Node, an…
- CVE-2007-5624NONECVSS 0.0EG 0.02007-10-23
Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts.
- CVE-2007-5625NONECVSS 0.0EG 0.02007-10-23
Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site Search SearchSimon Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.
- CVE-2007-5629NONECVSS 0.0EG 0.02007-10-23
Cross-site scripting (XSS) vulnerability in admin/logon.asp in ShoppingTree CandyPress Store 4.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2007-2804. NOTE: the proven…
- CVE-2007-5647NONECVSS 0.0EG 0.02007-10-23
Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) art_id or (2) node parameter in an article action to the default URI.
- CVE-2007-5648NONECVSS 0.0EG 0.02007-10-23
Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in rNote 0.9.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) d or the (2) u parameter.
Map vulnerabilities like CWE-79 to your infrastructure
EchelonGraph correlates every CVE — across CWE-79 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →