CWE-79 CVEs and Security Vulnerabilities

Export limit exceeded: 349498 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 45824 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45824 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2014-7811	2 Redhat, Suse	3 Network Satellite, Spacewalk, Manager	2025-04-12	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API.
CVE-2014-9434	1 Absolutengine	1 Absolut Engine	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter.
CVE-2016-1447	1 Cisco	1 Webex Meetings Server	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194.
CVE-2014-7812	2 Redhat, Suse	4 Network Satellite, Satellite, Spacewalk and 1 more	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field.
CVE-2014-9443	1 Relevanssi	1 Relevanssi	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-9446	1 Koha	1 Koha	2025-04-12	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by parameter to the (1) opac parameter in opac-search.pl or (2) intranet parameter in catalogue/search.pl.
CVE-2016-1439	1 Cisco	1 Unified Contact Center Enterprise	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.
CVE-2014-9453	1 Simple Visitor Stat Project	1 Simple Visitor Stat	2025-04-12	N/A
Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP User-Agent or (2) HTTP Referer header.
CVE-2014-9468	1 Instantasp	1 Instantforum	2025-04-12	N/A
Multiple cross-site scripting (XSS) vulnerabilities in InstantASP InstantForum.NET 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0, and 3.4.0 allow remote attackers to inject arbitrary web script or HTML via the SessionID parameter to (1) Join.aspx or (2) Logon.aspx.
CVE-2015-7676	1 Ipswitch	1 Moveit Dmz	2025-04-12	N/A
Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files.
CVE-2015-6514	1 Splunk	1 Splunk	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-9477	1 Mediawiki	1 Mediawiki	2025-04-12	N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter.
CVE-2014-9478	1 Mediawiki	1 Mediawiki	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML via the wpInput parameter to the Special:ExpandTemplates page.
CVE-2014-9479	1 Mediawiki	1 Mediawiki	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special:TemplateSandbox.
CVE-2014-9480	1 Mediawiki	1 Mediawiki	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in the Hovercards extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors related to text extracts.
CVE-2014-9498	1 Webform Invitation Project	1 Webform Invitation	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new content, Webform: Edit own content, or Webform: Edit any content permission to inject arbitrary web script or HTML via a node title.
CVE-2015-0522	1 Emc	2 Rsa Certificate Manager, Rsa Registration Manager	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter.
CVE-2015-0526	1 Emc	1 Rsa Validation Manager	2025-04-12	N/A
Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter.
CVE-2015-0549	1 Emc	1 Documentum D2	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-0553	1 Websitebaker	1 Websitebaker	2025-04-12	N/A
Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.

« first previous Page 1195 of 2292. next last »