CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
BaseStableLikelihood: High
Description
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-209 · CAPEC-588 · CAPEC-591 · CAPEC-592 · CAPEC-63 · CAPEC-85
CVEs mapped to this weakness (19,212)
page 960 of 961| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2003-1384 | 0.00 | — | 0.01 | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1.0 allows remote attackers to insert arbitrary web script or HTML via the (1) titre, (2) Votre pseudo, (3) Votre e-mail, or (4) Votre message fields. | ||
| CVE-2003-1549 | 0.00 | — | 0.01 | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the ma_kw parameter. | ||
| CVE-2003-1539 | 0.00 | — | 0.00 | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) before 0.21 allows remote attackers to inject arbitrary web script or HTML via (1) file names and (2) directory names. | ||
| CVE-2003-1353 | 0.00 | — | 0.00 | Dec 31, 2003 | Multiple cross-site scripting (XSS) vulnerabilities in Outreach Project Tool (OPT) 0.946b allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the news field. | ||
| CVE-2003-1420 | 0.00 | — | 0.00 | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with automatic redirection disabled allows remote attackers to inject arbitrary web script or HTML via the HTTP Location header. | ||
| CVE-2003-1334 | 0.00 | — | 0.00 | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2003-1543 | 0.00 | — | 0.00 | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95zxe, 0.95zxc, and possibly others, allows remote attackers to inject arbitrary web script or HTML via the query string, which is reflected in an error message. | ||
| CVE-2003-1546 | 0.00 | — | 0.00 | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in gbook.php in Filebased guestbook 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the comment section. | ||
| CVE-2003-1554 | 0.00 | — | 0.00 | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) useremail, (3) aim, (4) msn, (5) sitename and (6) siteaddy variables. | ||
| CVE-2003-1556 | 0.00 | — | 0.00 | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) homepage_title (webpage title) parameters. | ||
| CVE-2003-1531 | 0.00 | — | 0.01 | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. | ||
| CVE-2003-1467 | 0.00 | — | 0.01 | Dec 31, 2003 | Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||
| CVE-2003-1479 | 0.00 | — | 0.00 | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02.535 allows remote attackers to inject arbitrary web script or HTML via the message field. | ||
| CVE-2003-1370 | 0.00 | — | 0.00 | Dec 31, 2003 | Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or Pseudo fields in the Forum module, or (3) "La Tribune Libre" in the Shoutbox module. | ||
| CVE-2003-1547 | 0.00 | — | 0.00 | Dec 31, 2003 | Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. | ||
| CVE-2002-2386 | 0.00 | — | 0.00 | Dec 31, 2002 | Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS 1.0, when allowing on-line question development, allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in the SRC attribute of an IMG tag. | ||
| CVE-2002-2231 | 0.00 | — | 0.00 | Dec 31, 2002 | Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) a javascript: URL in a photo URL or (2) an X-Forwarded-For: header. | ||
| CVE-2002-2230 | 0.00 | — | 0.00 | Dec 31, 2002 | Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows remote attackers to inject arbitrary web script or HTML via a private message with a javascript: URL in the IMG tag, in which the URL ends in a ".gif" or ".jpg" string, a variant of CVE-2002-0328. | ||
| CVE-2002-2278 | 0.00 | — | 0.00 | Dec 31, 2002 | Cross-site scripting (XSS) vulnerability in mod_search/index.php in PortailPHP 0.99 allows remote attackers to inject arbitrary web script or HTML via the (1) $App_Theme, (2) $Rub_Search, (3) $Rub_News, (4) $Rub_File, (5) $Rub_Liens, or (6) $Rub_Faq variables. | ||
| CVE-2002-2330 | 0.00 | — | 0.00 | Dec 31, 2002 | Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 allows remote attackers to inject arbitrary web script or HTML via (1) HTTP_USER_AGENT or (2) HTTP_REFERER, which is written to stats.html and executed in client browsers. |