CWE-79— Cross-site Scripting (XSS)
41,291 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-79page 6 of 826
- CVE-2006-6037NONECVSS 0.0EG 0.02006-11-22
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dan Jensen Travelsized CMS 0.4.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) page, (2) page_id, or (3) language parameter.
- CVE-2006-6046NONECVSS 0.0EG 0.02006-11-22
Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) edit parameter to (a) admin/articles.php or (b) admin/comments.php, or the (2) add parameter to …
- CVE-2006-6096NONECVSS 0.0EG 0.02006-11-24
Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter.
- CVE-2006-6108NONECVSS 0.0EG 0.02006-11-26
Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
- CVE-2006-6159NONECVSS 0.0EG 0.02006-11-28
Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) subject parameter.
- CVE-2006-6162NONECVSS 0.0EG 0.02006-11-29
Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter. NOTE: The provenance of this information is unknown; the de…
- CVE-2006-6163NONECVSS 0.0EG 0.02006-11-29
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters.
- CVE-2006-6359NONECVSS 0.0EG 0.02006-12-07
Cross-site scripting (XSS) vulnerability in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2006-6401NONECVSS 0.0EG 0.02006-12-10
Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in MyStats 1.0.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) connexion, (2) by, and (3) details parameter.
- CVE-2006-6451NONECVSS 0.0EG 0.02006-12-10
Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3.
- CVE-2006-6687NONECVSS 0.0EG 0.02006-12-21
Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The…
- CVE-2006-6729NONECVSS 0.0EG 0.02006-12-26
Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2006-6733NONECVSS 0.0EG 0.02006-12-26
Cross-site scripting (XSS) vulnerability in support/view.php in Support Cards 1 (osTicket) allows remote attackers to inject arbitrary web script or HTML via the e parameter.
- CVE-2006-6734NONECVSS 0.0EG 0.02006-12-26
Cross-site scripting (XSS) vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catname parameter.
- CVE-2006-6746NONECVSS 0.0EG 0.02006-12-27
Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php.
- CVE-2006-6824NONECVSS 0.0EG 0.02006-12-29
Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c)…
- CVE-2006-6832NONECVSS 0.0EG 0.02006-12-31
Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.
- CVE-2006-6882NONECVSS 0.0EG 0.02006-12-31
Cross-site scripting (XSS) vulnerability in golden book allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2006-6942NONECVSS 0.0EG 0.02007-01-19
Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via (1) a comment for a table name, as exploited through (a) db_operations.php, (2) the db param…
- CVE-2006-6977NONECVSS 0.0EG 0.02007-02-08
Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.
- CVE-2006-6978NONECVSS 0.0EG 0.02007-02-08
Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag.
- CVE-2006-7059NONECVSS 0.0EG 0.02007-02-24
Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (') in IMG tags to (1) messages, (2) profile fields, or (3) the…
- CVE-2006-7233NONECVSS 0.0EG 0.02006-12-31
Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.6.0, and possibly other versions before 3.5.3, allows remote attackers to inject arbitrary web script or HTML via…
- CVE-2006-7238NONECVSS 0.0EG 0.02009-04-21
Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2007-0045NONECVSS 0.0EG 0.02007-01-03
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft I…
- CVE-2007-0136NONECVSS 0.0EG 0.02007-01-09
Multiple cross-site scripting (XSS) vulnerabilities in Drupal before 4.6.11, and 4.7 before 4.7.5, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in the (1) filter and (2) system modules. NOTE: so…
- CVE-2007-0175NONECVSS 0.0EG 0.02007-01-11
Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.
- CVE-2007-0220NONECVSS 0.0EG 0.02007-05-08
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certa…
- CVE-2007-0275NONECVSS 0.0EG 0.02007-01-17
Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Colla…
- CVE-2007-0364NONECVSS 0.0EG 0.02007-01-19
Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com INDEXU 5.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to (a) suggest_category.php; the (2) u parameter to (…
- CVE-2007-0478NONECVSS 0.0EG 0.02007-01-25
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by…
- CVE-2007-0519NONECVSS 0.0EG 0.02007-01-26
Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field.
- CVE-2007-0537NONECVSS 0.0EG 0.02007-01-29
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML…
- CVE-2007-0780NONECVSS 0.0EG 0.02007-02-26
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by openin…
- CVE-2007-0830NONECVSS 0.0EG 0.02007-02-07
Multiple cross-site scripting (XSS) vulnerabilities in the Admin Control Panel (AdminCP) in Jelsoft vBulletin 3.6.4 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors related to the (1)…
- CVE-2007-0891NONECVSS 0.0EG 0.02007-02-12
Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string.
- CVE-2007-0896NONECVSS 0.0EG 0.02007-02-13
Cross-site scripting (XSS) vulnerability in the (1) Sage before 1.3.10, and (2) Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "<SCRIPT/=''SRC='" sequence in an RSS feed, a different vul…
- CVE-2007-0995NONECVSS 0.0EG 0.02007-02-26
Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.
- CVE-2007-1012NONECVSS 0.0EG 0.02007-02-21
Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter.
- CVE-2007-1050NONECVSS 0.0EG 0.02007-02-21
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or …
- CVE-2007-1101NONECVSS 0.0EG 0.02007-02-26
Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php.
- CVE-2007-1109NONECVSS 0.0EG 0.02007-02-26
Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) s…
- CVE-2007-1115NONECVSS 0.0EG 0.02007-02-26
The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) atta…
- CVE-2007-1132NONECVSS 0.0EG 0.02007-02-27
Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields.
- CVE-2007-1142NONECVSS 0.0EG 0.02007-03-02
Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php.
- CVE-2007-1145NONECVSS 0.0EG 0.02007-03-02
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register a…
- CVE-2007-1151NONECVSS 0.0EG 0.02007-03-02
Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error.
- CVE-2007-1159NONECVSS 0.0EG 0.02007-03-02
Cross-site scripting (XSS) vulnerability in modules/out.php in Pyrophobia 2.1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are ob…
- CVE-2007-1161NONECVSS 0.0EG 0.02007-03-02
Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY elemen…
- CVE-2007-1229NONECVSS 0.0EG 0.02007-03-02
Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in…
Map vulnerabilities like CWE-79 to your infrastructure
EchelonGraph correlates every CVE — across CWE-79 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →