CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

CWE-74

Children

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (22,699)

page 1069 of 1,135

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2010-1025	Chris Wederka Tgm Newsletter	—	0.00	Mar 19, 2010	Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1023	Taskcenter Recent Project Taskcenter Recent	—	0.00	Mar 19, 2010	Cross-site scripting (XSS) vulnerability in the UserTask Center, Recent (taskcenter_recent) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1021	Mads Brunn T3quixplorer	—	0.00	Mar 19, 2010	Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1020	Sk Typo3 Sk Simplegallery	—	0.00	Mar 19, 2010	Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1014	Steffen Kamper Reports Logview	—	0.00	Mar 19, 2010	Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1011	Tim Lochmueller Mydashboard	—	0.00	Mar 19, 2010	Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1008	Christian Hennecke Chsellector	—	0.00	Mar 19, 2010	Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1005	Mischa Heimann Yatse	—	0.00	Mar 19, 2010	Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0979	Obsession Design Image Gallery	—	0.00	Mar 16, 2010	Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.
CVE-2010-0963	Yuri D\'elia Dl	—	0.00	Mar 16, 2010	Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party…
CVE-2009-4716	Edgephp Ezwebsearch	—	0.00	Mar 15, 2010	Cross-site scripting (XSS) vulnerability in results.php in EDGEPHP EZWebSearch allows remote attackers to inject arbitrary web script or HTML via the language parameter.
CVE-2009-4715	Phpscriptsnow Real Time Currency Exchange	—	0.00	Mar 15, 2010	Cross-site scripting (XSS) vulnerability in rates.php in Real Time Currency Exchange allows remote attackers to inject arbitrary web script or HTML via the Amount parameter.
CVE-2009-4707	Maximo Cuadros Gb Fenewssubmit	—	0.00	Mar 15, 2010	Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4706	Ranson Johnson Mailform	—	0.00	Mar 15, 2010	Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4705	Thomas Loeffler Twittersearch	—	0.00	Mar 15, 2010	Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0959	IBM Enovia Smarteam	—	0.00	Mar 10, 2010	Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter.
CVE-2010-0949	Natychmiast Cms Natychmiast CMS	—	0.00	Mar 10, 2010	Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php.
CVE-2010-0947	Bbsmax Bbsmax	—	0.00	Mar 10, 2010	Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2010-0941	Web Site Development Etek Systems Hit Counter	—	0.01	Mar 8, 2010	Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php.
CVE-2010-0940	Simple One File Guestbook Simple One File Guestbook	—	0.00	Mar 8, 2010	Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

CVE-2010-1025Mar 19, 2010
Chris Wederka
Tgm Newsletter
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1023Mar 19, 2010
Taskcenter Recent Project
Taskcenter Recent
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the UserTask Center, Recent (taskcenter_recent) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1021Mar 19, 2010
Mads Brunn
T3quixplorer
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1020Mar 19, 2010
Sk Typo3
Sk Simplegallery
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1014Mar 19, 2010
Steffen Kamper
Reports Logview
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1011Mar 19, 2010
Tim Lochmueller
Mydashboard
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the myDashboard (mydashboard) extension 0.1.13 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1008Mar 19, 2010
Christian Hennecke
Chsellector
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1005Mar 19, 2010
Mischa Heimann
Yatse
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0979Mar 16, 2010
Obsession Design
Image Gallery
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.
CVE-2010-0963Mar 16, 2010
Yuri D\'elia
Dl
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party…
CVE-2009-4716Mar 15, 2010
Edgephp
Ezwebsearch
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in results.php in EDGEPHP EZWebSearch allows remote attackers to inject arbitrary web script or HTML via the language parameter.
CVE-2009-4715Mar 15, 2010
Phpscriptsnow
Real Time Currency Exchange
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in rates.php in Real Time Currency Exchange allows remote attackers to inject arbitrary web script or HTML via the Amount parameter.
CVE-2009-4707Mar 15, 2010
Maximo Cuadros
Gb Fenewssubmit
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4706Mar 15, 2010
Ranson Johnson
Mailform
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Mailform (mailform) extension before 0.9.24 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4705Mar 15, 2010
Thomas Loeffler
Twittersearch
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0959Mar 10, 2010
IBM
Enovia Smarteam
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter.
CVE-2010-0949Mar 10, 2010
Natychmiast Cms
Natychmiast CMS
risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php.
CVE-2010-0947Mar 10, 2010
Bbsmax
Bbsmax
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2010-0941Mar 8, 2010
Web Site Development
Etek Systems Hit Counter
risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php.
CVE-2010-0940Mar 8, 2010
Simple One File Guestbook
Simple One File Guestbook
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.