CWE-79 CVEs and Security Vulnerabilities

Filtered by CWE-79

Search

Switch to Advanced Search (Beta)

Total 34410 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2009-3171	1 Anantasoft	1 Gazelle Cms	2024-11-21	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php.
CVE-2009-3162	1 Multi-website	1 Multi Website	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to the default URI.
CVE-2009-3157	2 Drupal, Karen Stevenson	2 Drupal, Calendar	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.
CVE-2009-3156	2 Drupal, Karen Stevenson	2 Drupal, Date	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.
CVE-2009-3155	2 Almondsoft, Joomla	2 Com Aclassf, Joomla	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter.
CVE-2009-3153	1 X10media	1 Mp3 Search Engine	2024-11-21	N/A
Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.
CVE-2009-3152	1 Nt	1 Bbs E-market	2024-11-21	N/A
Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view action.
CVE-2009-3147	1 Allenthusiast	1 Reviewpost Php Pro	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in showproduct.php in ReviewPost Pro vB3 allows remote attackers to inject arbitrary web script or HTML via the date parameter.
CVE-2009-3146	1 Articlefriend	1 Articlefriend Script	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in search_advance.php in ArticleFriend Script allows remote attackers to inject arbitrary web script or HTML via the SearchWd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-3121	2 Chris Shattuck, Drupal	2 Ajaxtable, Drupal	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3120	1 Bigace	1 Bigace	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-3105	1 Ibm	1 Domino Web Access	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC.
CVE-2009-3067	1 Webformatique	1 Reservation Manager	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in index.php in Reservation Manager allows remote attackers to inject arbitrary web script or HTML via the resman_startdate parameter.
CVE-2009-3066	1 Propertywatchscript	1 Property Watch	2024-11-21	N/A
Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php.
CVE-2009-3060	1 Allpublication	1 Jboard	2024-11-21	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the notice parameter to editform.php, (2) the edit_user_message parameter to core/edit_user_message.php, or (3) the user_title parameter to inc/head.inc.php, reachable through any PHP script.
CVE-2009-3057	1 Aom-software	1 Beex	2024-11-21	N/A
Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php.
CVE-2009-3036	1 Symantec	1 Im Manager	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3030	1 Symantec	1 Securityexpressions Audit And Compliance Server	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an "HTML Injection issue."
CVE-2009-3029	1 Symantec	1 Securityexpressions Audit And Compliance Server	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers crafted error messages.
CVE-2009-3021	2 Geeklog, Yoshinori Tahara	2 Geeklog, Mycaljp	2024-11-21	N/A
Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

« first previous Page 1524 of 1721. next last »