CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85
CVEs mapped to this weakness (24,712)
page 1222 of 1,236| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-5588 | 0.00 | — | 0.01 | Oct 19, 2007 | Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 allows remote attackers to inject arbitrary web script or HTML via the t parameter in search.cgi, as reachable from search.htm-dist. | |||
| CVE-2007-5577 | 0.00 | — | 0.02 | Oct 18, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New… | |||
| CVE-2007-5547 | 0.00 | — | 0.01 | Oct 18, 2007 | Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable… | |||
| CVE-2007-5564 | 0.00 | — | 0.01 | Oct 18, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in NSSboard (formerly Simple PHP Forum) 6.1 allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags when BBcode is disabled; or the (2) user, (3) email, or (4) Real Name fields in a profile. | |||
| CVE-2007-5477 | 0.00 | — | 0.01 | Oct 16, 2007 | Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod 0.48 Half-Life Dedicated Server plugin allows remote attackers to inject arbitrary web script or HTML via the redir parameter. | |||
| CVE-2007-5479 | 0.00 | — | 0.01 | Oct 16, 2007 | Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter. | |||
| CVE-2007-5459 | 0.00 | — | 0.01 | Oct 14, 2007 | Cross-site scripting (XSS) vulnerability in the sidebar HTML page in the MouseoverDictionary before 0.6.2 extension for Mozilla Firefox allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2007-5443 | 0.00 | — | 0.01 | Oct 14, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) the anchor tag and (2) listtags. | |||
| CVE-2007-5433 | 0.00 | — | 0.01 | Oct 12, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Site-Up 2.64 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) search mask field. | |||
| CVE-2007-5434 | 0.00 | — | 0.01 | Oct 12, 2007 | Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI. | |||
| CVE-2007-5415 | 0.00 | — | 0.01 | Oct 12, 2007 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS… | |||
| CVE-2007-5414 | 0.00 | — | 0.01 | Oct 12, 2007 | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit a literal string within… | |||
| CVE-2007-5385 | 0.00 | — | 0.01 | Oct 12, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2007-5296 | 0.00 | — | 0.01 | Oct 9, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp in dbList 8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) db, (2) pagesize, (3) sort, (4) strKeyWords, and (5) table parameters. NOTE: some of these details are obtained from… | |||
| CVE-2007-5303 | 0.00 | — | 0.01 | Oct 9, 2007 | Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS Rus 2.1 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter. | |||
| CVE-2007-5295 | 0.00 | — | 0.01 | Oct 9, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in (a) Wikepage Opus 13 2007.2 and (b) TipiWiki 2 allow remote attackers to inject arbitrary web script or HTML via the (1) PageContent and (2) PageName parameters. | |||
| CVE-2007-5292 | 0.00 | — | 0.01 | Oct 9, 2007 | Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Image Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the backwardDirectory parameter. | |||
| CVE-2007-5297 | 0.00 | — | 0.01 | Oct 9, 2007 | Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||
| CVE-2007-5302 | 0.00 | — | 0.03 | Oct 9, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2007-5291 | 0.00 | — | 0.01 | Oct 9, 2007 | Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
- CVE-2007-5588Oct 19, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 allows remote attackers to inject arbitrary web script or HTML via the t parameter in search.cgi, as reachable from search.htm-dist.
- CVE-2007-5577Oct 18, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New…
- CVE-2007-5547Oct 18, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote attackers to inject arbitrary web script or HTML, and execute IOS commands, via unspecified vectors, aka PSIRT-2022590358. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable…
- CVE-2007-5564Oct 18, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in NSSboard (formerly Simple PHP Forum) 6.1 allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags when BBcode is disabled; or the (2) user, (3) email, or (4) Real Name fields in a profile.
- CVE-2007-5477Oct 16, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod 0.48 Half-Life Dedicated Server plugin allows remote attackers to inject arbitrary web script or HTML via the redir parameter.
- CVE-2007-5479Oct 16, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter.
- CVE-2007-5459Oct 14, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the sidebar HTML page in the MouseoverDictionary before 0.6.2 extension for Mozilla Firefox allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2007-5443Oct 14, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.1.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) the anchor tag and (2) listtags.
- CVE-2007-5433Oct 12, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Site-Up 2.64 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) search mask field.
- CVE-2007-5434Oct 12, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter to the default URI.
- CVE-2007-5415Oct 12, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS…
- CVE-2007-5414Oct 12, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit a literal string within…
- CVE-2007-5385Oct 12, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2007-5296Oct 9, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp in dbList 8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) db, (2) pagesize, (3) sort, (4) strKeyWords, and (5) table parameters. NOTE: some of these details are obtained from…
- CVE-2007-5303Oct 9, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS Rus 2.1 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.
- CVE-2007-5295Oct 9, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in index.php in (a) Wikepage Opus 13 2007.2 and (b) TipiWiki 2 allow remote attackers to inject arbitrary web script or HTML via the (1) PageContent and (2) PageName parameters.
- CVE-2007-5292Oct 9, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in photos.cfm in Directory Image Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the backwardDirectory parameter.
- CVE-2007-5297Oct 9, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
- CVE-2007-5302Oct 9, 2007risk 0.00cvss —epss 0.03
Multiple cross-site scripting (XSS) vulnerabilities in HP System Management Homepage (SMH) in HP-UX B.11.11, B.11.23, and B.11.31, and SMH before 2.1.10 for Linux and Windows, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2007-5291Oct 9, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.