CWE-79 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45687 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2009-4662	1 Novell	1 Groupwise	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter.
CVE-2009-4678	1 Winn	1 Winn Guestbook	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2009-4681	1 Phpdirectorysource	1 Phpdirectorysource	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.
CVE-2009-4682	1 Scriptsez	1 Good\/bad Vote	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action.
CVE-2009-4684	1 Edgephp	1 Ezodiak	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in index.php in EZodiak allows remote attackers to inject arbitrary web script or HTML via the sign parameter.
CVE-2009-4685	1 Phpscriptsnow	1 Astrology	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scripts Now Astrology allows remote attackers to inject arbitrary web script or HTML via the day parameter.
CVE-2009-4690	1 Yourfreeworld	1 Programs Rating Script	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Programs Rating Script allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rate.php and (2) postcomments.php.
CVE-2009-4692	1 Radscripts	1 Radlance	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in index.php in RadScripts RadLance Gold 7.5 allows remote attackers to inject arbitrary web script or HTML via the pr parameter in a ulist action.
CVE-2009-4688	1 Resalecode	1 Php Shopping Cart Selling Website Script	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Shopping Cart Selling Website Script allow remote attackers to inject arbitrary web script or HTML via the (1) txtkeywords and (2) cid parameters.
CVE-2009-4705	2 Thomas Loeffler, Typo3	2 Twittersearch, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Twitter Search (twittersearch) extension before 0.1.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4699	1 Skadate	1 Skadate Online Dating Software	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) file_uploader.php.
CVE-2009-4707	2 Maximo Cuadros, Typo3	2 Gb Fenewssubmit, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4713	1 Alexandre Amaral	1 Xoops Celepar	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to (3) categoria.php and (4) index.php.
CVE-2009-4715	1 Phpscriptsnow	1 Real Time Currency Exchange	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in rates.php in Real Time Currency Exchange allows remote attackers to inject arbitrary web script or HTML via the Amount parameter.
CVE-2009-4716	1 Edgephp	1 Ezwebsearch	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in results.php in EDGEPHP EZWebSearch allows remote attackers to inject arbitrary web script or HTML via the language parameter.
CVE-2009-4743	1 Afterlogic	1 Webmail Pro	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters.
CVE-2009-4744	1 Oicgroup	1 Exponent Cms	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Contact module in Exponent CMS 0.97-GA20090213 allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4746	1 Dreamlevels	1 Dreampoll	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a poll_default login action.
CVE-2009-4767	1 Plohni	1 Shoutbox	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) input_name and (2) input_text parameters. NOTE: some of these details are obtained from third party information.
CVE-2009-4786	1 Pligg	1 Pligg Cms	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, and (8) user_settings.php.

« first previous Page 1339 of 2285. next last »