VYPR

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (22,700)

page 1047 of 1,135
  • CVE-2011-1948Jun 6, 2011
    Plone (software)
    Plone
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

  • CVE-2011-0767Jun 6, 2011
    Imperva
    Securesphere Web Application Firewall
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall 6.2, 7.x, and 8.x allows remote attackers to inject arbitrary web script or HTML via an HTTP request to a firewalled server, aka Bug ID…

  • CVE-2011-1077Jun 2, 2011
    Apache
    Archiva
    risk 0.00cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva 1.0 through 1.2.2, and 1.3.x before 1.3.5, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-1937May 31, 2011
    Webmin
    Webmin
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.

  • CVE-2011-2172May 26, 2011
    IBM
    Websphere Portal
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in the search center in IBM WebSphere Portal 7.0.0.1 before CF004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-1765May 23, 2011
    MediaWiki
    Mediawiki
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query…

  • CVE-2011-2020May 20, 2011
    TIBCO Software
    Iprocess Engine
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-1856May 16, 2011
    Microfocus
    Business Availability Center
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.06 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-1899May 16, 2011
    Ca
    Ehealth
    risk 0.00cvss epss 0.00

    Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth 6.0.x, 6.1.x, 6.2.1, and 6.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

  • CVE-2011-0613May 16, 2011
    Adobe Inc.
    Robohelp
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to (1) wf_status.htm and (2) wf_topicfs.htm in RoboHTML/WildFireExt/TemplateStock/.

  • CVE-2011-1405May 13, 2011
    Mahara (software)
    Mahara
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows remote authenticated users to inject arbitrary web script or HTML via vectors associated with HTML e-mail messages, related to artefact/comment/lib.php and interaction/forum/lib.php.

  • CVE-2011-2087May 13, 2011
    Apache
    Struts
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related…

  • CVE-2011-1737May 13, 2011
    Microfocus
    Palm Webos
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in the Email application in HP Palm webOS 1.4.5 and 1.4.5.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-2078May 10, 2011
    Inventivetec
    Mediacast
    risk 0.00cvss epss 0.00

    Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta BlueDragon administrative interface in MediaCAST 8 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-1570May 7, 2011
    Liferay
    Portal
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.

  • CVE-2011-1504May 7, 2011
    Liferay
    Portal
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.

  • CVE-2011-1825May 5, 2011
    Ca
    Arcot Webfort Versatile Authentication Server
    risk 0.00cvss epss 0.00

    Multiple cross-site scripting (XSS) vulnerabilities in the Administrative Console in CA Arcot WebFort Versatile Authentication Server (VAS) before 6.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-1423May 5, 2011
    EMC Corporation
    Data Loss Prevention Enterprise Manager
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention (DLP) Enterprise Manager 8.x before 8.5 SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2011-1727May 3, 2011
    Microfocus
    Sitescope
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue.

  • CVE-2011-1726May 3, 2011
    Microfocus
    Sitescope
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.