CWE-79 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45687 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2013-5495	1 Cisco	1 Unified Meetingplace	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the web framework in the Application Server in Cisco Unified MeetingPlace allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui44681.
CVE-2013-5500	1 Cisco	1 Mediasense	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuj23320, CSCuj23324, CSCuj23333, and CSCuj23338.
CVE-2013-5501	1 Cisco	1 Mediasense	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328.
CVE-2013-5504	1 Cisco	1 Identity Services Engine Software	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30266.
CVE-2013-5519	1 Cisco	1 Wireless Lan Controller	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.
CVE-2013-5524	1 Cisco	1 Identity Services Engine Software	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655.
CVE-2013-6175	1 Emc	1 Document Sciences Xpression	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to inject arbitrary web script or HTML via unspecified input to a (1) xAdmin or (2) xDashboard form.
CVE-2013-6178	1 Emc	1 Rsa Archer Egrc	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6196	1 Hp	1 Autonomy Ultraseek	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6198	1 Hp	3 Service Manager, Service Manager Web Client, Service Manager Web Tier	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6280	1 Linksalpha	1 Social Sharing Toolkit Plugin	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plugin before 2.1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6289	2 Ingo Renner, Typo3	2 Apache Solr, Typo3	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6327	1 Ibm	1 Sterling Connect Enterprise Http Option	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "cross-frame scripting" issue.
CVE-2013-6342	1 Tweet-blender	1 Tweet-blender	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin before 4.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tb_tab_index parameter to wp-admin/options-general.php.
CVE-2013-6344	1 Novell	1 Zenworks Configuration Management	2025-04-11	N/A
The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors.
CVE-2013-6374	1 Jenkins-ci	1 Build Failure Analyzer	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-6387	1 Drupal	1 Drupal	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field.
CVE-2013-6388	1 Drupal	1 Drupal	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS.
CVE-2013-6415	3 Redhat, Rhel Sam, Rubyonrails	5 Openstack, Rhel Software Collections, 1.4 and 2 more	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the unit parameter.
CVE-2013-6416	1 Rubyonrails	1 Rails	2025-04-11	N/A
Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML attribute.

« first previous Page 1345 of 2285. next last »