CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85
CVEs mapped to this weakness (22,695)
page 1084 of 1,135| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6850 | 0.00 | — | 0.00 | Jul 7, 2009 | Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-2324 | 0.00 | — | 0.00 | Jul 5, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory. | |||
| CVE-2009-2322 | 0.00 | — | 0.00 | Jul 5, 2009 | Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-2316 | 0.00 | — | 0.01 | Jul 5, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later… | |||
| CVE-2007-6728 | 0.00 | — | 0.00 | Jul 5, 2009 | Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote attackers to inject arbitrary web script or HTML via the MSN field during user registration. | |||
| CVE-2009-2292 | 0.00 | — | 0.01 | Jul 1, 2009 | Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-2284 | 0.00 | — | 0.01 | Jul 1, 2009 | Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. | |||
| CVE-2009-2283 | 0.00 | — | 0.00 | Jul 1, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-2268 | 0.00 | — | 0.00 | Jul 1, 2009 | Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-2240 | — | 0.00 | — | 0.00 | Jun 27, 2009 | Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka Web Conference Room Free) 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2008-6835 | 0.00 | — | 0.00 | Jun 27, 2009 | Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-2226 | 0.00 | — | 0.00 | Jun 26, 2009 | Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-2221 | 0.00 | — | 0.00 | Jun 26, 2009 | Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-2217 | 0.00 | — | 0.00 | Jun 25, 2009 | Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via an invalid URL in a BBCode img tag. | |||
| CVE-2009-2215 | 0.00 | — | 0.00 | Jun 25, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components. | |||
| CVE-2009-2211 | 0.00 | — | 0.00 | Jun 25, 2009 | Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-1202 | 0.00 | — | 0.00 | Jun 25, 2009 | WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first… | |||
| CVE-2009-2170 | 0.00 | — | 0.00 | Jun 23, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||
| CVE-2009-2162 | 0.00 | — | 0.01 | Jun 22, 2009 | Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2009-2155 | 0.00 | — | 0.01 | Jun 22, 2009 | Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third… |
- CVE-2008-6850Jul 7, 2009risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-2324Jul 5, 2009risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory.
- CVE-2009-2322Jul 5, 2009risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-2316Jul 5, 2009risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Identity Manager (ITIM) 5.0 allow remote attackers to inject arbitrary web script or HTML by entering an unspecified URL in (1) the self-service UI interface or (2) the console interface. NOTE: it was later…
- CVE-2007-6728Jul 5, 2009risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote attackers to inject arbitrary web script or HTML via the MSN field during user registration.
- CVE-2009-2292Jul 1, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-2284Jul 1, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
- CVE-2009-2283Jul 1, 2009risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-2268Jul 1, 2009risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-2240Jun 27, 2009risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka Web Conference Room Free) 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-6835Jun 27, 2009risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-2226Jun 26, 2009risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-2221Jun 26, 2009risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-2217Jun 25, 2009risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via an invalid URL in a BBCode img tag.
- CVE-2009-2215Jun 25, 2009risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components.
- CVE-2009-2211Jun 25, 2009risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-1202Jun 25, 2009risk 0.00cvss —epss 0.00
WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first…
- CVE-2009-2170Jun 23, 2009risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
- CVE-2009-2162Jun 22, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2009-2155Jun 22, 2009risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third…