CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85
CVEs mapped to this weakness (22,695)
page 1117 of 1,135| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-6421 | 0.00 | — | 0.03 | Jan 8, 2008 | Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL. | |||
| CVE-2007-6674 | 0.00 | — | 0.00 | Jan 8, 2008 | Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter. | |||
| CVE-2008-0134 | 0.00 | — | 0.00 | Jan 8, 2008 | Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter. | |||
| CVE-2008-0131 | 0.00 | — | 0.00 | Jan 8, 2008 | Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this information is unknown; the… | |||
| CVE-2008-0093 | 0.00 | — | 0.00 | Jan 8, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters. | |||
| CVE-2007-6659 | 0.00 | — | 0.00 | Jan 4, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an addnews action to the default URI; (3) the content parameter in a pm write action… | |||
| CVE-2007-6643 | 0.00 | — | 0.00 | Jan 4, 2008 | Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2007-6616 | 0.00 | — | 0.00 | Jan 3, 2008 | Cross-site scripting (XSS) vulnerability in simpleforum.cgi in SimpleForum 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchkey parameter in a search action. NOTE: some of these details are obtained from third party information. | |||
| CVE-2007-6617 | 0.00 | — | 0.00 | Jan 3, 2008 | Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to… | |||
| CVE-2007-6611 | 0.00 | — | 0.01 | Jan 3, 2008 | Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php. | |||
| CVE-2007-6588 | 0.00 | — | 0.00 | Dec 28, 2007 | Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2007-6570 | 0.00 | — | 0.01 | Dec 28, 2007 | Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309. | |||
| CVE-2007-6589 | 0.00 | — | 0.01 | Dec 28, 2007 | The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a… | |||
| CVE-2007-6569 | 0.00 | — | 0.01 | Dec 28, 2007 | Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246. | |||
| CVE-2007-6572 | 0.00 | — | 0.00 | Dec 28, 2007 | Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204. | |||
| CVE-2007-6571 | 0.00 | — | 0.00 | Dec 28, 2007 | Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356. | |||
| CVE-2007-6541 | 0.00 | — | 0.00 | Dec 27, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive action to the default URI in… | |||
| CVE-2007-6526 | 0.00 | — | 0.01 | Dec 27, 2007 | Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter. | |||
| CVE-2007-6520 | 0.00 | — | 0.01 | Dec 24, 2007 | Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins. | |||
| CVE-2007-6522 | 0.00 | — | 0.01 | Dec 24, 2007 | The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains. |
- CVE-2007-6421Jan 8, 2008risk 0.00cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in balancer-manager in mod_proxy_balancer in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) ss, (2) wr, or (3) rr parameters, or (4) the URL.
- CVE-2007-6674Jan 8, 2008risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare Database allows remote attackers to inject arbitrary web script or HTML via the Arayalim parameter.
- CVE-2008-0134Jan 8, 2008risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz Forums 2000 3.4.06 and earlier allows remote attackers to inject arbitrary web script or HTML via the MAIL parameter.
- CVE-2008-0131Jan 8, 2008risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in login_form.asp in Instant Softwares Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different product than CVE-2006-6022. NOTE: the provenance of this information is unknown; the…
- CVE-2008-0093Jan 8, 2008risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in eTicket 1.5.5.2, and 1.5.6 RC2 and RC3, allow remote attackers to inject arbitrary web script or HTML via the (1) Name and (2) Subject parameters.
- CVE-2007-6659Jan 4, 2008risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in 2z project 0.9.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) contentshort or (2) contentfull parameter in an addnews action to the default URI; (3) the content parameter in a pm write action…
- CVE-2007-6643Jan 4, 2008risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the com_poll component in Joomla! before 1.5 RC4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2007-6616Jan 3, 2008risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in simpleforum.cgi in SimpleForum 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchkey parameter in a search action. NOTE: some of these details are obtained from third party information.
- CVE-2007-6617Jan 3, 2008risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by input originally sent in the URI to…
- CVE-2007-6611Jan 3, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php.
- CVE-2007-6588Dec 28, 2007risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows remote attackers to inject arbitrary web script or HTML via the username field in an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2007-6570Dec 28, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the View URL Database functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 and 3.x before 3.6 SP11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566309.
- CVE-2007-6589Dec 28, 2007risk 0.00cvss —epss 0.01
The jar protocol handler in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 does not update the origin domain when retrieving the inner URL parameter yields an HTTP redirect, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a jar: URI, a…
- CVE-2007-6569Dec 28, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246.
- CVE-2007-6572Dec 28, 2007risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.
- CVE-2007-6571Dec 28, 2007risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy Server 3.6 before SP11 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6611356.
- CVE-2007-6541Dec 27, 2007risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3) newsmonth parameter in a newsarchive action to the default URI in…
- CVE-2007-6526Dec 27, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.
- CVE-2007-6520Dec 24, 2007risk 0.00cvss —epss 0.01
Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins.
- CVE-2007-6522Dec 24, 2007risk 0.00cvss —epss 0.01
The rich text editing functionality in Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks by using designMode to modify contents of pages in other domains.