CWE-79: Cross-site Scripting (XSS)
41,342 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-79 (page 49 of 827)
- CVE-2010-0783 | NONE | CVSS 0.0 | EG 0.0 | 2010-11-09
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vec…
- CVE-2010-0784 | NONE | CVSS 0.0 | EG 0.0 | 2010-11-09
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-0797 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-02
Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-0804 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-02
Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter in a products action.
- CVE-2010-0817 | NONE | CVSS 0.0 | EG 0.0 | 2010-04-29
Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script …
- CVE-2010-0920 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-03
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Fil…
- CVE-2010-0927 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-05
Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter …
- CVE-2010-0936 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-08
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
- CVE-2010-0938 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-08
Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action.
- CVE-2010-0940 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-08
Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
- CVE-2010-0941 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-08
Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/for…
- CVE-2010-0947 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-10
Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
- CVE-2010-0949 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-10
Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php.
- CVE-2010-0959 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-10
Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter.
- CVE-2010-0963 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-16
Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these detail…
- CVE-2010-0971 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-16
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the…
- CVE-2010-0979 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-16
Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.
- CVE-2010-0997 | NONE | CVSS 0.0 | EG 0.0 | 2010-04-20
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to in…
- CVE-2010-10002 | LOW | CVSS 3.1 | EG 3.1 | 2023-01-01
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The …
- CVE-2010-10004 | LOW | CVSS 3.5 | EG 3.5 | 2023-01-09
A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgradi…
- CVE-2010-10008 | LOW | CVSS 3.5 | EG 3.5 | 2023-01-17
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templat…
- CVE-2010-10010 | LOW | CVSS 3.5 | EG 3.5 | 2023-06-01
A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is…
- CVE-2010-1005 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-19
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-1008 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-19
Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-1011 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-19
Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-1014 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-19
Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-1020 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-19
Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-1021 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-19
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-1023 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-19
Cross-site scripting (XSS) vulnerability in the UserTask Center, Recent (taskcenter_recent) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-1025 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-19
Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-1036 | NONE | CVSS 0.0 | EG 0.0 | 2010-04-28
Cross-site scripting (XSS) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-1048 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-23
Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Business Portal allows remote attackers to inject arbitrary web script or HTML via the textcomment parameter (aka the Comment Box) in a noentryid action. NOTE: some of the…
- CVE-2010-1052 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-23
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) mday parameters. NOTE: the provenance of this information is unknown; …
- CVE-2010-1068 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-23
Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action.
- CVE-2010-1072 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-23
Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS 2.21 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
- CVE-2010-1074 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-23
Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging.
- CVE-2010-1076 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-23
Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: th…
- CVE-2010-1079 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-23
Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-1080 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-23
Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter.
- CVE-2010-1091 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-24
Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters.
- CVE-2010-1095 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-24
Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the pro…
- CVE-2010-1105 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-25
Cross-site scripting (XSS) vulnerability in cgi/index.php in AdvertisementManager 3.1.0 and 3.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter.
- CVE-2010-1107 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-25
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."
- CVE-2010-1108 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-25
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via …
- CVE-2010-1111 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-25
Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php.
- CVE-2010-1112 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-25
Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
- CVE-2010-1113 | NONE | CVSS 0.0 | EG 0.0 | 2010-03-25
Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php.
- CVE-2010-1137 | NONE | CVSS 0.0 | EG 0.0 | 2010-04-01
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the n…
- CVE-2010-1143 | NONE | CVSS 0.0 | EG 0.0 | 2010-05-07
Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-1164 | NONE | CVSS 0.0 | EG 0.0 | 2010-04-20
Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formN…