CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85
CVEs mapped to this weakness (22,700)
page 1042 of 1,135| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-0552 | 0.00 | — | 0.01 | Oct 2, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec IM Manager before 8.4.18 allow remote attackers to inject arbitrary web script or HTML via the (1) refreshRateSetting parameter to IMManager/Admin/IMAdminSystemDashboard.asp, the (2) nav or… | |||
| CVE-2011-3864 | 0.00 | — | 0.00 | Sep 28, 2011 | Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | |||
| CVE-2011-3857 | 0.00 | — | 0.00 | Sep 28, 2011 | Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||
| CVE-2011-3854 | 0.00 | — | 0.00 | Sep 28, 2011 | Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||
| CVE-2011-3853 | 0.00 | — | 0.00 | Sep 28, 2011 | Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | |||
| CVE-2011-3851 | 0.00 | — | 0.00 | Sep 28, 2011 | Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. | |||
| CVE-2011-3689 | 0.00 | — | 0.00 | Sep 27, 2011 | Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter. | |||
| CVE-2011-3687 | 0.00 | — | 0.00 | Sep 27, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via (1) the txtConferenceID parameter to HostLogin.asp, (2) the txtConferenceID parameter to ParticipantLogin.asp, (3) the acp… | |||
| CVE-2011-3686 | 0.00 | — | 0.00 | Sep 27, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8)… | |||
| CVE-2011-3684 | 0.00 | — | 0.00 | Sep 27, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid… | |||
| CVE-2010-4841 | 0.00 | — | 0.00 | Sep 27, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported… | |||
| CVE-2010-4848 | 0.00 | — | 0.00 | Sep 27, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in addlink.php in AXScripts AxsLinks 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) title parameter. | |||
| CVE-2011-2444 | 0.00 | — | 0.01 | Sep 22, 2011 | Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site… | |||
| CVE-2011-3578 | 0.00 | — | 0.01 | Sep 21, 2011 | Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357. | |||
| CVE-2011-3358 | 0.00 | — | 0.01 | Sep 21, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of… | |||
| CVE-2011-3356 | 0.00 | — | 0.01 | Sep 21, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2)… | |||
| CVE-2011-2938 | 0.00 | — | 0.16 | Sep 21, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php. | |||
| CVE-2011-2937 | 0.00 | — | 0.01 | Sep 21, 2011 | Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI. | |||
| CVE-2011-2672 | 0.00 | — | 0.00 | Sep 20, 2011 | Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.98 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2011-1510 | 0.00 | — | 0.00 | Sep 20, 2011 | Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. |
- CVE-2011-0552Oct 2, 2011risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec IM Manager before 8.4.18 allow remote attackers to inject arbitrary web script or HTML via the (1) refreshRateSetting parameter to IMManager/Admin/IMAdminSystemDashboard.asp, the (2) nav or…
- CVE-2011-3864Sep 28, 2011risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
- CVE-2011-3857Sep 28, 2011risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
- CVE-2011-3854Sep 28, 2011risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
- CVE-2011-3853Sep 28, 2011risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
- CVE-2011-3851Sep 28, 2011risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
- CVE-2011-3689Sep 27, 2011risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter.
- CVE-2011-3687Sep 27, 2011risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via (1) the txtConferenceID parameter to HostLogin.asp, (2) the txtConferenceID parameter to ParticipantLogin.asp, (3) the acp…
- CVE-2011-3686Sep 27, 2011risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8)…
- CVE-2011-3684Sep 27, 2011risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid…
- CVE-2010-4841Sep 27, 2011risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported…
- CVE-2010-4848Sep 27, 2011risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in addlink.php in AXScripts AxsLinks 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) title parameter.
- CVE-2011-2444Sep 22, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site…
- CVE-2011-3578Sep 21, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.
- CVE-2011-3358Sep 21, 2011risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of…
- CVE-2011-3356Sep 21, 2011risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in config_defaults_inc.php in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO, as demonstrated by the PATH_INFO to (1) manage_config_email_page.php, (2)…
- CVE-2011-2938Sep 21, 2011risk 0.00cvss —epss 0.16
Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php.
- CVE-2011-2937Sep 21, 2011risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.
- CVE-2011-2672Sep 20, 2011risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.98 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2011-1510Sep 20, 2011risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine ServiceDesk Plus (SDP) before 8012 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter.