VYPR

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

BaseStableLikelihood: High

Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85

CVEs mapped to this weakness (19,297)

page 710 of 965
  • CVE-2008-6087Feb 6, 2009
    Camera Life
    Camera Life
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in topic.php in Camera Life 2.6.2b4 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

  • CVE-2008-6061Feb 5, 2009
    Techsmith
    Camtasia Studio
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) controller files created by Techsmith Camtasia Studio before 5 allows remote attackers to inject arbitrary additional SWF content via a URL in the csPreloader parameter.

  • CVE-2008-6060Feb 5, 2009
    Infosoftglobal
    Fusion Charts
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary Shockwave Flash (SWF) files created by InfoSoft FusionCharts allows remote attackers to inject arbitrary additional SWF content via a URL in the SRC attribute of an IMG element in the dataURL parameter.

  • CVE-2009-0430Feb 5, 2009
    Activewebsoftwares
    Active Bids
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Active Bids allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to search.asp and the (2) URL parameter to tellafriend.asp.

  • CVE-2008-6044Feb 3, 2009
    Xt Commerce
    Xt Commerce
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in advanced_search_result.php in xt:Commerce 3.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

  • CVE-2008-6034Feb 3, 2009
    Achievo
    Achievo
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo 1.3.2 allows remote attackers to inject arbitrary web script or HTML via the atkaction parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

  • CVE-2009-0393Feb 3, 2009
    Motorola
    Cpei300
    risk 0.03cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola Wimax modem CPEi300 allows remote authenticated users to inject arbitrary web script or HTML via the page parameter.

  • CVE-2009-0378Feb 2, 2009
    Joomla
    Com Beamospetition
    risk 0.03cvss epss 0.00

    Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.

  • CVE-2009-0338Jan 29, 2009
    Dmxready
    Blog Manager
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in DMXReady Blog Manager allows remote attackers to inject arbitrary web script or HTML via the CategoryID parameter in a refer action.

  • CVE-2009-0335Jan 29, 2009
    Katywhitton
    Blogit\!
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to inject arbitrary web script or HTML via the view parameter.

  • CVE-2008-6004Jan 28, 2009
    Aj Square
    Ajauction
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in search.php in AJ Auction Pro Platinum 2 allows remote attackers to inject arbitrary web script or HTML via the product parameter.

  • CVE-2009-0285Jan 27, 2009
    Bbsxp
    Bbsxp
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.

  • CVE-2009-0283Jan 27, 2009
    Aobosoft
    Oblog
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter.

  • CVE-2008-5979Jan 27, 2009
    Ocean12 Technologies
    Mailing List Manager
    risk 0.03cvss epss 0.04

    Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter.

  • CVE-2008-5976Jan 27, 2009
    Preprojects
    PHP Jobwebsite Pro
    risk 0.03cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName field.

  • CVE-2008-5971Jan 27, 2009
    I Netsolution
    Orkut Clone
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to inject arbitrary web script or HTML via the id parameter.

  • CVE-2009-0260Jan 23, 2009
    Moinmo
    Moinmoin
    risk 0.03cvss epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with (1) the rename parameter or (2) the drawing parameter (aka the basename variable).

  • CVE-2009-0248Jan 22, 2009
    Katywhitton
    Rankem
    risk 0.03cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton RankEm allows remote attackers to inject arbitrary web script or HTML via the siteID parameter.

  • CVE-2008-5944Jan 22, 2009
    Navboard
    Navboard
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter.

  • CVE-2008-5939Jan 22, 2009
    Modxcms
    Modxcms
    risk 0.03cvss epss 0.06

    Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but this is probably incorrect based on the original disclosure.