CWE-79: Cross-site Scripting (XSS)
25,499 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-79 (page 1 of 510)
- CVE-2003-5003 | MEDIUM | CVSS 5.0 | EG 6.1 | 2022-03-28
A vulnerability was found in ISS BlackICE PC Protection. It has been rated as problematic. Affected by this issue is the Update Handler. The manipulation with an unknown input leads to cross site scripting. The attack may be launched remot…
- CVE-2005-2350 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-11-01
Cross-site scripting (XSS) vulnerability in websieve v0.62 allows remote attackers to inject arbitrary web script or HTML code in the web user interface.
- CVE-2006-10001 | LOW | CVSS 3.5 | EG 5.4 | 2023-03-05
A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. I…
- CVE-2008-10001 | MEDIUM | CVSS 5.5 | EG 6.1 | 2022-03-28
A vulnerability, which was classified as problematic, has been found in Pro2col Stingray FTS. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. It is recommended to upgrade the a…
- CVE-2008-10002 | LOW | CVSS 3.5 | EG 6.1 | 2023-03-05
A vulnerability has been found in cfire24 ajaxlife up to 0.3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to versi…
- CVE-2008-7321 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-08-22
The tubepress plugin before 1.6.5 for WordPress has XSS.
- CVE-2009-10001 | LOW | CVSS 3.5 | EG 6.1 | 2023-01-13
A vulnerability classified as problematic was found in jianlinwei cool-php-captcha up to 0.2. This vulnerability affects unknown code of the file example-form.php. The manipulation of the argument captcha with the input %3Cscript%3Ealert(1…
- CVE-2009-10002 | LOW | CVSS 3.5 | EG 6.1 | 2023-01-13
A vulnerability, which was classified as problematic, has been found in dpup fittr-flickr. This issue affects some unknown processing of the file fittr-flickr/features/easy-exif.js of the component EXIF Preview Handler. The manipulation le…
- CVE-2009-10003 | LOW | CVSS 3.5 | EG 6.1 | 2023-01-29
A vulnerability was found in capnsquarepants wordcraft up to 0.6. It has been classified as problematic. Affected is an unknown function of the file tag.php. The manipulation of the argument tag leads to cross site scripting. It is possibl…
- CVE-2009-10004 | LOW | CVSS 3.5 | EG 6.1 | 2023-04-10
A vulnerability was found in Turante Sandbox Theme up to 1.5.2. It has been classified as problematic. This affects the function sandbox_body_class of the file functions.php. The manipulation of the argument page leads to cross site script…
- CVE-2009-2802 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-11-09
MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.
- CVE-2009-3724 | MEDIUM | CVSS 6.1 | EG 6.1 | 2020-01-15
python-markdown2 before 1.0.1.14 has multiple cross-site scripting (XSS) issues.
- CVE-2009-4900 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-10-28
pixelpost 1.7.1 has XSS.
- CVE-2009-5046 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-11-06
JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.
- CVE-2009-5048 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-11-06
Cookie Dump Servlet stored XSS vulnerability in jetty through 6.1.20.
- CVE-2009-5049 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-11-06
WebApp JSP Snoop page XSS in jetty through 6.1.21.
- CVE-2009-5159 | MEDIUM | CVSS 6.1 | EG 6.1 | 2020-03-13
Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.
- CVE-2010-10002 | LOW | CVSS 3.1 | EG 3.1 | 2023-01-01
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in SimpleSAMLphp simplesamlphp-module-openid. Affected is an unknown function of the file templates/consumer.php of the component OpenID Handler. The …
- CVE-2010-10004 | LOW | CVSS 3.5 | EG 3.5 | 2023-01-09
A vulnerability was found in Information Cards Module on simpleSAMLphp and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgradi…
- CVE-2010-10008 | LOW | CVSS 3.5 | EG 3.5 | 2023-01-17
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templat…
- CVE-2010-10010 | LOW | CVSS 3.5 | EG 3.5 | 2023-06-01
A vulnerability classified as problematic has been found in Stars Alliance PsychoStats up to 3.2.2a. This affects an unknown part of the file upload/admin/login.php. The manipulation of the argument ref leads to cross site scripting. It is…
- CVE-2010-1673 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-10-30
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.
- CVE-2010-2250 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-11-07
Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.
- CVE-2010-2472 | MEDIUM | CVSS 4.8 | EG 4.8 | 2019-11-07
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cros…
- CVE-2010-3660 | MEDIUM | CVSS 5.4 | EG 5.4 | 2019-11-01
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.
- CVE-2010-3665 | MEDIUM | CVSS 5.4 | EG 5.4 | 2019-11-04
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the Extension Manager.
- CVE-2010-3669 | MEDIUM | CVSS 5.4 | EG 5.4 | 2019-11-04
TYPO3 before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS and Open Redirection in the frontend login box.
- CVE-2010-3672 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-11-05
TYPO3 before 4.3.4 and 4.4.x before 4.4.1 allows XSS in the textarea view helper in an extbase extension.
- CVE-2010-3674 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-11-05
TYPO3 before 4.4.1 allows XSS in the frontend search box.
- CVE-2010-3857 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-11-12
JBoss BRMS before 5.1.0 has an XSS vulnerability via the asset=UUID parameter.
- CVE-2010-4240 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-10-28
Tiki Wiki CMS Groupware 5.2 has XSS.
- CVE-2010-4245 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-10-28
pootle 2.0.5 has XSS via the 'match_names' parameter.
- CVE-2010-4264 | MEDIUM | CVSS 6.1 | EG 6.1 | 2021-06-22
A cross-site scripting vulnerability was found in vanilla forums before 2.0.10, where a filename could contain arbitrary code to execute on the client side.
- CVE-2010-4659 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-11-20
Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.
- CVE-2010-4662 | MEDIUM | CVSS 6.1 | EG 6.1 | 2020-02-05
PmWiki before 2.2.21 has XSS.
- CVE-2010-5336 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-10-11
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
- CVE-2010-5337 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-10-11
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
- CVE-2010-5338 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-10-11
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.
- CVE-2010-5339 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-10-11
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.
- CVE-2010-5340 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-10-11
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
- CVE-2011-0428 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-10-29
Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.
- CVE-2011-0544 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-11-14
phpbb 3.0.x-3.0.6 has an XSS vulnerability via the [flash] BB tag.
- CVE-2011-10006 | LOW | CVSS 3.5 | EG 3.5 | 2024-04-08
A vulnerability was found in GamerZ WP-PostRatings up to 1.64. It has been classified as problematic. This affects an unknown part of the file wp-postratings.php. The manipulation leads to cross site scripting. It is possible to initiate t…
- CVE-2011-1009 | MEDIUM | CVSS 6.1 | EG 6.1 | 2020-02-05
Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php via the p parameter.
- CVE-2011-1069 | MEDIUM | CVSS 6.1 | EG 6.1 | 2020-02-05
PHPShop through 0.8.1 has XSS.
- CVE-2011-1084 | MEDIUM | CVSS 6.1 | EG 6.1 | 2020-02-07
A cross-site scripting (XSS) vulnerability in Smoothwall Express 3.
- CVE-2011-1086 | MEDIUM | CVSS 6.1 | EG 6.1 | 2020-02-07
Cross-site scripting (XSS) vulnerability in admin/system.html in Openfiler 2.3 allows remote attackers to inject arbitrary web script or HTML via the device parameter.
- CVE-2011-1133 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-11-05
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code via plugins/ExtendedFileManager/backend.php.
- CVE-2011-1135 | MEDIUM | CVSS 6.1 | EG 6.1 | 2019-11-05
Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php.
- CVE-2011-1150 | MEDIUM | CVSS 6.1 | EG 6.1 | 2020-02-05
bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter.