CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85
CVEs mapped to this weakness (19,231)
page 757 of 962| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-0521 | 0.00 | — | 0.00 | Mar 12, 2015 | Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter. | ||
| CVE-2015-1026 | 0.00 | — | 0.00 | Mar 11, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk Roles. | ||
| CVE-2014-9017 | 0.00 | — | 0.00 | Mar 11, 2015 | Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp. | ||
| CVE-2015-2217 | 0.00 | — | 0.00 | Mar 10, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php. | ||
| CVE-2015-2244 | 0.00 | — | 0.00 | Mar 9, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) center, (3) lap, (4) termid, or (5) nyelv_id parameter to index.php. | ||
| CVE-2015-2220 | 0.00 | — | 0.00 | Mar 5, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php. | ||
| CVE-2015-0893 | 0.00 | — | 0.00 | Mar 5, 2015 | Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2015-0892 | 0.00 | — | 0.00 | Mar 5, 2015 | Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2015-0891 | 0.00 | — | 0.00 | Mar 5, 2015 | Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2014-8617 | 0.00 | — | 0.00 | Mar 4, 2015 | Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol. | ||
| CVE-2015-0656 | 0.00 | — | 0.00 | Mar 4, 2015 | Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269. | ||
| CVE-2015-2197 | 0.00 | — | 0.00 | Mar 3, 2015 | Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API. | ||
| CVE-2015-2195 | 0.00 | — | 0.00 | Mar 3, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3) s parameter in the wp-media-cleaner page to wp-admin/upload.php. | ||
| CVE-2014-7896 | 0.00 | — | 0.01 | Mar 3, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2015-0655 | 0.00 | — | 0.00 | Feb 28, 2015 | Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184. | ||
| CVE-2015-2103 | 0.00 | — | 0.00 | Feb 27, 2015 | Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name parameter). | ||
| CVE-2015-2101 | 0.00 | — | 0.00 | Feb 27, 2015 | Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2015-2072 | 0.00 | — | 0.00 | Feb 27, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676. | ||
| CVE-2015-0882 | 0.00 | — | 0.00 | Feb 27, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php. | ||
| CVE-2015-0594 | 0.00 | — | 0.00 | Feb 27, 2015 | Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263. |
- CVE-2015-0521Mar 12, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the CMP shared secret parameter.
- CVE-2015-1026Mar 11, 2015risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 Build 6270 allow remote attackers to inject arbitrary web script or HTML via the (1) technicianSearchText parameter to the Help Desk Technician page or (2) rolesSearchText parameter to the Help Desk Roles.
- CVE-2014-9017Mar 11, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 (build 23338) allows remote authenticated users to inject arbitrary web script or HTML via the Subject field in a Task to frontend/index.jsp.
- CVE-2015-2217Mar 10, 2015risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP Board (aka myUPB) before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to search.php or (2) avatar parameter to profile.php.
- CVE-2015-2244Mar 9, 2015risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun 1.062S allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) center, (3) lap, (4) termid, or (5) nyelv_id parameter to index.php.
- CVE-2015-2220Mar 5, 2015risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms plugin before 2.8.9 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the ninja_forms_field_1 parameter in a ninja_forms_ajax_submit action to wp-admin/admin-ajax.php or (2) remote administrators to inject arbitrary web script or HTML via the fields[1] parameter to wp-admin/post.php.
- CVE-2015-0893Mar 5, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2015-0892Mar 5, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2015-0891Mar 5, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2014-8617Mar 4, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to module/releasecontrol.
- CVE-2015-0656Mar 4, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269.
- CVE-2015-2197Mar 3, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API.
- CVE-2015-2195Mar 3, 2015risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in the WP Media Cleaner plugin 2.2.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) paged, or (3) s parameter in the wp-media-cleaner page to wp-admin/upload.php.
- CVE-2014-7896Mar 3, 2015risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 Command View Advanced Edition Software Online Help, as used in HP Device Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Tiered Storage Manager 6.x through 8.x before 8.1.2-00, HP XP P9000 Replication Manager 6.x and 7.x before 7.6.1-06, and HP XP7 Global Link Manager Software (aka HGLM) 6.x through 8.x before 8.1.2-00, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2015-0655Feb 28, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.
- CVE-2015-2103Feb 27, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the admin-login panel (admin/index.cgi) in Cosmoshop allows remote attackers to inject arbitrary web script or HTML via the username field (u_name parameter).
- CVE-2015-2101Feb 27, 2015risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in the Navigate bar in the Navigate module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2015-2072Feb 27, 2015risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676.
- CVE-2015-0882Feb 27, 2015risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka Zen Cart Japanese edition) 1.3 jp through 1.3.0.2 jp8 and 1.5 ja through 1.5.1 ja allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, related to admin/includes/init_includes/init_sanitize.php and includes/init_includes/init_sanitize.php.
- CVE-2015-0594Feb 27, 2015risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263.