VYPR

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (22,695)

page 1105 of 1,135
  • CVE-2008-2764Jun 18, 2008
    Xigla
    Absolute Live Support Xe
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla Absolute Live Support XE 5.1 allows remote authenticated administrators to inject arbitrary web script or HTML via unspecified vectors ("all fields").

  • CVE-2008-2761Jun 18, 2008
    Xigla
    Absolute Banner Manager
    risk 0.00cvss epss 0.00

    Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Banner Manager XE 2.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the text parameter in (1) searchbanners.asp and (2) listadvertisers.asp, and other unspecified fields.…

  • CVE-2008-2759Jun 18, 2008
    Xigla
    Absolute Form Processor Xe
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showfields, (2) text, and (3) submissions parameters to search.asp and the (4) name parameter to users.asp. NOTE:…

  • CVE-2008-2758Jun 18, 2008
    Xigla
    Absolute News Manager Xe
    risk 0.00cvss epss 0.00

    Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute News Manager XE 3.2 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) pblname and (2) text parameters to (a) admin/search.asp, (3) name parameter to (b)…

  • CVE-2008-2640Jun 18, 2008
    Adobe Inc.
    Flex
    risk 0.00cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 History Management feature in Adobe Flex 3.0.1 SDK and Flex Builder 3, and generated applications, allow remote attackers to inject arbitrary web script or HTML via the anchor identifier to (1)…

  • CVE-2008-0925Jun 18, 2008
    Novell
    Edirectory
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the…

  • CVE-2008-2743Jun 17, 2008
    Xerox
    Xerox 4110
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in the embedded web server in Xerox 4110, 4590, and 4595 Copier/Printers allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

  • CVE-2008-2720Jun 16, 2008
    Menalto
    Gallery
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in Menalto Gallery before 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the (1) host and (2) path components of a URL.

  • CVE-2008-2718Jun 16, 2008
    TYPO3
    Typo3
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, as used in extensions such as (1) direct_mail_subscription, (2) feuser_admin, and (3) kb_md5fepw, allows remote attackers to inject arbitrary web…

  • CVE-2008-2698Jun 13, 2008
    Web Album
    Webalbum
    risk 0.00cvss epss 0.00

    Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php (aka the "add comment" section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category parameter.

  • CVE-2008-2675Jun 12, 2008
    Softcomplex
    PHP Image Gallery
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in index.php in PHP Image Gallery allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2008-2563Jun 6, 2008
    Samtodo
    Samtodo
    risk 0.00cvss epss 0.00

    Multiple cross-site scripting (XSS) vulnerabilities in (1) dsp_main.php and (2) dsp_task_editor.php in SamTodo 1.1 allow remote attackers to inject arbitrary web script or HTML via the (a) tid parameter in a main.taskeditor edit action, and the (b) completed parameter in a…

  • CVE-2008-2567Jun 6, 2008
    Fenrir Inc
    Portable Sleipnir
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 Release2 and earlier, Portable Sleipnir 2.7.1 Release2 and earlier, and Grani 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a history mechanism…

  • CVE-2008-2571Jun 6, 2008
    Limesurvey
    Limesurvey
    risk 0.00cvss epss 0.00

    Cross-site request forgery (CSRF) vulnerability in LimeSurvey (formerly PHPSurveyor) before 1.71 allows remote attackers to change arbitrary quotas as administrators via a "modify quota" action.

  • CVE-2008-2557Jun 5, 2008
    Cre Loaded
    Cre Loaded
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) Links and (2) Links Submit pages.

  • CVE-2008-2553Jun 5, 2008
    Slashcode.com
    Slash
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to inject arbitrary web script or HTML via the userfield parameter.

  • CVE-2008-1947Jun 4, 2008
    Apache
    Tomcat
    risk 0.00cvss epss 0.59

    Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 through 5.5.26 and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via the name parameter (aka the hostname attribute) to host-manager/html/add.

  • CVE-2008-2525Jun 3, 2008
    TYPO3
    Rlmp Eventdb
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in the Event Database (aka rlmp_eventdb) extension before 1.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-2526Jun 3, 2008
    TYPO3
    Wt Gallery
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in the WT Gallery (aka wt_gallery) extension 2.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2008-2527Jun 3, 2008
    Actualscripts
    Actualanalyzer
    risk 0.00cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ActualAnalyzer Server 8.37 and earlier, ActualAnalyzer Gold 7.74 and earlier, ActualAnalyzer Pro 6.95 and earlier, and ActualAnalyzer Lite 2.78 and earlier allows remote attackers to inject arbitrary web…