CWE-79— Cross-site Scripting (XSS)
41,340 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-79page 41 of 827
- CVE-2009-3260NONECVSS 0.0EG 0.02009-09-18
Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment.
- CVE-2009-3262NONECVSS 0.0EG 0.02009-09-18
Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile.
- CVE-2009-3263NONECVSS 0.0EG 0.02009-09-18
Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml cont…
- CVE-2009-3265NONECVSS 0.0EG 0.02009-09-18
Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as "scripted content…
- CVE-2009-3266NONECVSS 0.0EG 0.02009-09-18
Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to…
- CVE-2009-3283NONECVSS 0.0EG 0.02009-09-22
Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to inject arbitrary web script or HTML via unspecif…
- CVE-2009-3299NONECVSS 0.0EG 0.02009-11-03
Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-3300NONECVSS 0.0EG 0.02009-11-06
Multiple cross-site scripting (XSS) vulnerabilities in the Identity Provider (IdP) 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow…
- CVE-2009-3303NONECVSS 0.0EG 0.02009-11-24
Cross-site scripting (XSS) vulnerability in www/help/tracker.php in GForge 4.5.14, 4.7 rc2, and 4.8.1 allows remote attackers to inject arbitrary web script or HTML via the helpname parameter.
- CVE-2009-3311NONECVSS 0.0EG 0.02009-09-23
Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter.
- CVE-2009-3320NONECVSS 0.0EG 0.02009-09-23
Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
- CVE-2009-3328NONECVSS 0.0EG 0.02009-09-23
Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter (aka the name field). NOTE: some of these details are obtained from third …
- CVE-2009-3348NONECVSS 0.0EG 0.02009-09-24
Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component.
- CVE-2009-3355NONECVSS 0.0EG 0.02009-09-24
Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remote attackers to inject arbitrary web script or HTML via the s_r parameter.
- CVE-2009-3359NONECVSS 0.0EG 0.02009-09-24
Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php.
- CVE-2009-3360NONECVSS 0.0EG 0.02009-09-24
Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php.
- CVE-2009-3363NONECVSS 0.0EG 0.02009-09-24
Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor."
- CVE-2009-3367NONECVSS 0.0EG 0.02009-09-24
Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NO…
- CVE-2009-3368NONECVSS 0.0EG 0.02009-09-24
Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails …
- CVE-2009-3420NONECVSS 0.0EG 0.02009-09-25
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Publisher module 2.0 for Miniweb allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter and the (2) PATH_INFO.
- CVE-2009-3427NONECVSS 0.0EG 0.02009-09-25
Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket.
- CVE-2009-3435NONECVSS 0.0EG 0.02009-09-28
Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name.
- CVE-2009-3437NONECVSS 0.0EG 0.02009-09-28
Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input."
- CVE-2009-3440NONECVSS 0.0EG 0.02009-09-28
Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the option parameter to the default URI (aka the main menu).
- CVE-2009-3444NONECVSS 0.0EG 0.02009-09-28
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.
- CVE-2009-3450NONECVSS 0.0EG 0.02009-09-29
Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscor…
- CVE-2009-3453NONECVSS 0.0EG 0.02009-09-29
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to t…
- CVE-2009-3467NONECVSS 0.0EG 0.02010-05-13
Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
- CVE-2009-3469NONECVSS 0.0EG 0.02009-09-29
Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
- CVE-2009-3479NONECVSS 0.0EG 0.02009-09-30
Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject a…
- CVE-2009-3485NONECVSS 0.0EG 0.02009-09-30
Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI.
- CVE-2009-3486NONECVSS 0.0EG 0.02009-09-30
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable thro…
- CVE-2009-3487NONECVSS 0.0EG 0.02009-09-30
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT act…
- CVE-2009-3488NONECVSS 0.0EG 0.02009-09-30
Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, pr…
- CVE-2009-3493NONECVSS 0.0EG 0.02009-09-30
Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php.
- CVE-2009-3496NONECVSS 0.0EG 0.02009-09-30
Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter.
- CVE-2009-3506NONECVSS 0.0EG 0.02009-10-01
Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) cook_user parameter to index.php and the (2) name parameter to modules.php.
- CVE-2009-3509NONECVSS 0.0EG 0.02009-10-01
Cross-site scripting (XSS) vulnerability in admin/admin_index.php in CJ Dynamic Poll PRO 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
- CVE-2009-3512NONECVSS 0.0EG 0.02009-10-01
Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_l…
- CVE-2009-3513NONECVSS 0.0EG 0.02009-10-01
Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3)…
- CVE-2009-3521NONECVSS 0.0EG 0.02009-10-01
Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vect…
- CVE-2009-3530NONECVSS 0.0EG 0.02009-10-02
Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
- CVE-2009-3539NONECVSS 0.0EG 0.02009-10-02
Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cname parameter to subclass.php and the (2) sn parameter to listads.php.
- CVE-2009-3540NONECVSS 0.0EG 0.02009-10-02
Cross-site scripting (XSS) vulnerability in listads.php in YourFreeWorld Ultra Classifieds Pro allows remote attackers to inject arbitrary web script or HTML via the cn parameter. NOTE: the provenance of this information is unknown; the d…
- CVE-2009-3562NONECVSS 0.0EG 0.02009-10-05
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
- CVE-2009-3565NONECVSS 0.0EG 0.02009-11-13
Multiple cross-site scripting (XSS) vulnerabilities in intruvert/jsp/module/Login.jsp in McAfee IntruShield Network Security Manager (NSM) before 5.1.11.6 allow remote attackers to inject arbitrary web script or HTML via the (1) iaction or…
- CVE-2009-3566NONECVSS 0.0EG 0.02009-11-13
McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 does not include the HTTPOnly flag in the Set-Cookie header for the session identifier, which allows remote attackers to hijack a session by leveraging a cross-site script…
- CVE-2009-3567NONECVSS 0.0EG 0.02009-10-06
Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff…
- CVE-2009-3579NONECVSS 0.0EG 0.02009-10-07
Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.
- CVE-2009-3581NONECVSS 0.0EG 0.02009-12-23
Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (…
Map vulnerabilities like CWE-79 to your infrastructure
EchelonGraph correlates every CVE — across CWE-79 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →