CWE-79— Cross-site Scripting (XSS)
41,342 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-79page 52 of 827
- CVE-2010-2040NONECVSS 0.0EG 0.02010-05-25
Cross-site scripting (XSS) vulnerability in search.php in V-EVA Shopzilla Affiliate Script PHP allows remote attackers to inject arbitrary web script or HTML via the s parameter.
- CVE-2010-2041NONECVSS 0.0EG 0.02010-05-25
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP-Calendar before 2.0 Beta7 allow remote attackers to inject arbitrary web script or HTML via the (1) description and (2) lastaction parameters.
- CVE-2010-2043NONECVSS 0.0EG 0.02010-05-25
Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack System 3.5 and 3.5.8019.4 allows remote attackers to inject arbitrary web script or HTML via the Work_Order_Summary parameter (aka the request summary). NOTE: some of thes…
- CVE-2010-2046NONECVSS 0.0EG 0.02010-05-25
Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (com_activehelper_livehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via (1) the DOMAINID parameter to server…
- CVE-2010-2048NONECVSS 0.0EG 0.02010-05-25
Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat module 6.x before 6.x-4.9 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-2049NONECVSS 0.0EG 0.02010-05-25
Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance…
- CVE-2010-2080NONECVSS 0.0EG 0.02010-09-20
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-2084NONECVSS 0.0EG 0.02010-05-27
Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
- CVE-2010-2085NONECVSS 0.0EG 0.02010-05-27
The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter.
- CVE-2010-2086NONECVSS 0.0EG 0.02010-05-27
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute …
- CVE-2010-2087NONECVSS 0.0EG 0.02010-05-27
Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application Server, Caucho Resin, and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) att…
- CVE-2010-2088NONECVSS 0.0EG 0.02010-05-27
ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.
- CVE-2010-2091NONECVSS 0.0EG 0.02010-05-27
Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain s…
- CVE-2010-2123NONECVSS 0.0EG 0.02010-06-01
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (…
- CVE-2010-2125NONECVSS 0.0EG 0.02010-06-01
Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject a…
- CVE-2010-2130NONECVSS 0.0EG 0.02010-06-02
Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ARISg 5.0 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
- CVE-2010-2144NONECVSS 0.0EG 0.02010-06-03
Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third part…
- CVE-2010-2147NONECVSS 0.0EG 0.02010-06-03
Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php.
- CVE-2010-2150NONECVSS 0.0EG 0.02010-06-03
Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-2154NONECVSS 0.0EG 0.02010-06-03
Cross-site scripting (XSS) vulnerability in the Search Site in CMScout 2.09, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: some of these details are obtained fr…
- CVE-2010-2155NONECVSS 0.0EG 0.02010-06-03
Multiple cross-site scripting (XSS) vulnerabilities in zc/publisher/html.rb in ZoneCheck 2.1.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) xmlnode.value, (2) zc-error text, (3) $zc_version, (4) …
- CVE-2010-2158NONECVSS 0.0EG 0.02010-06-07
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (…
- CVE-2010-2179NONECVSS 0.0EG 0.02010-06-15
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML vi…
- CVE-2010-2228NONECVSS 0.0EG 0.02010-06-28
Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a user…
- CVE-2010-2229NONECVSS 0.0EG 0.02010-06-28
Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
- CVE-2010-2250MEDIUMCVSS 6.1EG 6.12019-11-07
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.
- CVE-2010-2256NONECVSS 0.0EG 0.02010-06-09
Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/memberviewdetails.php and the (2) model par…
- CVE-2010-2258NONECVSS 0.0EG 0.02010-06-09
Cross-site scripting (XSS) vulnerability in signupconfirm.php in phpBannerExchange 1.2 Arabic allows remote attackers to inject arbitrary web script or HTML via the bannerurl parameter.
- CVE-2010-2260NONECVSS 0.0EG 0.02010-06-09
Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design Bandwidth Meter, 0.72 and possibly 1.2, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) view_by_name.php or (2) view_by_ip.php in a…
- CVE-2010-2265NONECVSS 0.0EG 0.02010-06-15
Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or H…
- CVE-2010-2267NONECVSS 0.0EG 0.02010-06-15
Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web Server (aka Rock Web Server) 1.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the getenv sample program, (2) the desc paramet…
- CVE-2010-2275NONECVSS 0.0EG 0.02010-06-15
Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/test…
- CVE-2010-2277NONECVSS 0.0EG 0.02010-06-15
Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbi…
- CVE-2010-2281NONECVSS 0.0EG 0.02010-06-15
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) bannerid parameter in conjunction with a /admin/ad/banner/list PAT…
- CVE-2010-2288NONECVSS 0.0EG 0.02010-06-15
Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to inject arbitrary web script or HTML via the DSSignInURL cookie.
- CVE-2010-2290NONECVSS 0.0EG 0.02010-06-15
Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page p…
- CVE-2010-2292NONECVSS 0.0EG 0.02010-06-15
Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field.
- CVE-2010-2301NONECVSS 0.0EG 0.02010-06-15
Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a T…
- CVE-2010-2316NONECVSS 0.0EG 0.02010-06-17
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in WmsCms 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) sbr, (3) p, and (4) sbl parameters, different vectors than C…
- CVE-2010-2318NONECVSS 0.0EG 0.02010-06-17
Cross-site scripting (XSS) vulnerability in cms_data.php in PHPCityPortal 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
- CVE-2010-2325NONECVSS 0.0EG 0.02010-06-18
Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in…
- CVE-2010-2344NONECVSS 0.0EG 0.02010-06-21
Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Page parameter to (1) _main/index.php, (2) _members/index.php, (3) _forum/index.…
- CVE-2010-2355NONECVSS 0.0EG 0.02010-06-21
Cross-site scripting (XSS) vulnerability in error.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details …
- CVE-2010-2356NONECVSS 0.0EG 0.02010-06-21
Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter.
- CVE-2010-2364NONECVSS 0.0EG 0.02010-08-31
Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-2365NONECVSS 0.0EG 0.02010-08-31
Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-2366NONECVSS 0.0EG 0.02010-09-13
Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access Analyzer CGI Professional, and Standard 4.0.2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-2367NONECVSS 0.0EG 0.02010-10-06
Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 before 3.0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2010-2428NONECVSS 0.0EG 0.02010-06-24
Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request.
- CVE-2010-2429NONECVSS 0.0EG 0.02010-06-24
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.
Map vulnerabilities like CWE-79 to your infrastructure
EchelonGraph correlates every CVE — across CWE-79 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →