CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (22,699)

page 1055 of 1,135

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2010-4155	Siteserver CMS	—	0.00	Nov 3, 2010	Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to (2) modules/news/archive.php, (3) modules/news/topics.php,…
CVE-2010-4101	Microfocus Insight Recovery	—	0.01	Nov 2, 2010	Cross-site scripting (XSS) vulnerability in HP Insight Recovery before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4030	Microfocus Insight Control Performance Management	—	0.01	Nov 2, 2010	Cross-site scripting (XSS) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4146	Attachmate Reflection For The Web	—	0.00	Nov 2, 2010	Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4023	Microfocus Insight Control Power Management	—	0.01	Oct 28, 2010	Cross-site scripting (XSS) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3994	Microfocus Version Control Repository Manager	—	0.01	Oct 28, 2010	Cross-site scripting (XSS) vulnerability in HP Version Control Repository Manager (VCRM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3991	Microfocus Insight Control Server Migration	—	0.01	Oct 28, 2010	Cross-site scripting (XSS) vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3987	Microfocus Insight Control Virtual Machine Management	—	0.01	Oct 28, 2010	Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3712	Joomla Joomla!	—	0.00	Oct 28, 2010	Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks…
CVE-2010-4097	Avatic Aardvark Topsites PHP	—	0.00	Oct 27, 2010	Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters. NOTE: the q parameter is already covered by…
CVE-2010-3985	Microfocus Operations Orchestration	—	0.01	Oct 26, 2010	Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9.0, when Internet Explorer 6.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2886	Adobe Inc. Robohelp	—	0.01	Oct 26, 2010	Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2885	Adobe Inc. Robohelp	—	0.01	Oct 26, 2010	Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word.
CVE-2010-3715	TYPO3 Typo3	—	0.00	Oct 25, 2010	Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to…
CVE-2010-3289	Microfocus Systems Insight Manager	—	0.01	Oct 23, 2010	Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4047	Opera Opera Browser	—	0.01	Oct 21, 2010	Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
CVE-2010-3291	Microfocus Assetcenter	—	0.01	Oct 21, 2010	Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x through AC_5.03, and AssetManager 5.1x through AM_5.12 and 5.2x through AM_5.22, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3177	Mozilla Corporation Firefox	—	0.01	Oct 21, 2010	Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a…
CVE-2010-3981	SAP Businessobjects	—	0.00	Oct 18, 2010	Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page.
CVE-2010-3882	Simple Cms Simple CMS	—	0.00	Oct 8, 2010	Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add…

CVE-2010-4155Nov 3, 2010
Siteserver
CMS
risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to (2) modules/news/archive.php, (3) modules/news/topics.php,…
CVE-2010-4101Nov 2, 2010
Microfocus
Insight Recovery
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in HP Insight Recovery before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4030Nov 2, 2010
Microfocus
Insight Control Performance Management
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4146Nov 2, 2010
Attachmate
Reflection For The Web
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4023Oct 28, 2010
Microfocus
Insight Control Power Management
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3994Oct 28, 2010
Microfocus
Version Control Repository Manager
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in HP Version Control Repository Manager (VCRM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3991Oct 28, 2010
Microfocus
Insight Control Server Migration
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3987Oct 28, 2010
Microfocus
Insight Control Virtual Machine Management
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3712Oct 28, 2010
Joomla
Joomla!
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks…
CVE-2010-4097Oct 27, 2010
Avatic
Aardvark Topsites PHP
risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters. NOTE: the q parameter is already covered by…
CVE-2010-3985Oct 26, 2010
Microfocus
Operations Orchestration
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9.0, when Internet Explorer 6.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2886Oct 26, 2010
Adobe Inc.
Robohelp
risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2885Oct 26, 2010
Adobe Inc.
Robohelp
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word.
CVE-2010-3715Oct 25, 2010
TYPO3
Typo3
risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to…
CVE-2010-3289Oct 23, 2010
Microfocus
Systems Insight Manager
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4047Oct 21, 2010
Opera
Opera Browser
risk 0.00cvss —epss 0.01
Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
CVE-2010-3291Oct 21, 2010
Microfocus
Assetcenter
risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x through AC_5.03, and AssetManager 5.1x through AM_5.12 and 5.2x through AM_5.22, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3177Oct 21, 2010
Mozilla Corporation
Firefox
risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a…
CVE-2010-3981Oct 18, 2010
SAP
Businessobjects
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page.
CVE-2010-3882Oct 8, 2010
Simple Cms
Simple CMS
risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add…