Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-4918

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-04 Nov, 2008 | 20:00
Updated At-07 Aug, 2024 | 10:31
Rejected At-
Credits

Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:04 Nov, 2008 | 20:00
Updated At:07 Aug, 2024 | 10:31
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/498043/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/497958/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2008/2970
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/archive/1/497948/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/31998
vdb-entry
x_refsource_BID
http://www.zerodayinitiative.com/advisories/ZDI-08-070/
x_refsource_MISC
http://secunia.com/advisories/32498
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/497968/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/498073/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://securityreason.com/securityalert/4556
third-party-advisory
x_refsource_SREASON
http://www.zerodayinitiative.com/advisories/ZDI-08-070
x_refsource_MISC
http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/
x_refsource_MISC
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/46232
vdb-entry
x_refsource_XF
http://www.securityfocus.com/archive/1/497989/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/498043/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/497958/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.vupen.com/english/advisories/2008/2970
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/archive/1/497948/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/bid/31998
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-08-070/
Resource:
x_refsource_MISC
Hyperlink: http://secunia.com/advisories/32498
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/archive/1/497968/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/archive/1/498073/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://securityreason.com/securityalert/4556
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-08-070
Resource:
x_refsource_MISC
Hyperlink: http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/
Resource:
x_refsource_MISC
Hyperlink: http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/46232
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/archive/1/497989/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/498043/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/497958/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.vupen.com/english/advisories/2008/2970
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/archive/1/497948/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/bid/31998
vdb-entry
x_refsource_BID
x_transferred
http://www.zerodayinitiative.com/advisories/ZDI-08-070/
x_refsource_MISC
x_transferred
http://secunia.com/advisories/32498
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/archive/1/497968/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/archive/1/498073/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://securityreason.com/securityalert/4556
third-party-advisory
x_refsource_SREASON
x_transferred
http://www.zerodayinitiative.com/advisories/ZDI-08-070
x_refsource_MISC
x_transferred
http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/
x_refsource_MISC
x_transferred
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/46232
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/archive/1/497989/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/498043/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/497958/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2008/2970
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/497948/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/bid/31998
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-08-070/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://secunia.com/advisories/32498
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/497968/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/498073/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://securityreason.com/securityalert/4556
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-08-070
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/46232
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/497989/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:04 Nov, 2008 | 21:00
Updated At:17 Jun, 2022 | 15:18

Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced before 4.0.1.1, as used in SonicWALL Pro 2040 and TZ 180 and 190, allows remote attackers to inject arbitrary web script or HTML into arbitrary web sites via a URL to a site that is blocked based on content filtering, which is not properly handled in the CFS block page, aka "universal website hijacking."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
SonicWall Inc.
sonicwall
>>sonicos_enhanced>>Versions before 4.0.1.1(exclusive)
cpe:2.3:o:sonicwall:sonicos_enhanced:*:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>pro_2040>>-
cpe:2.3:h:sonicwall:pro_2040:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz_180>>-
cpe:2.3:h:sonicwall:tz_180:-:*:*:*:*:*:*:*
SonicWall Inc.
sonicwall
>>tz_190>>-
cpe:2.3:h:sonicwall:tz_190:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://secunia.com/advisories/32498cve@mitre.org
Not Applicable
http://securityreason.com/securityalert/4556cve@mitre.org
Third Party Advisory
http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/archive/1/497948/100/0/threadedcve@mitre.org
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/497958/100/0/threadedcve@mitre.org
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/497968/100/0/threadedcve@mitre.org
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/497989/100/0/threadedcve@mitre.org
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/498043/100/0/threadedcve@mitre.org
Third Party Advisory
VDB Entry
http://www.securityfocus.com/archive/1/498073/100/0/threadedcve@mitre.org
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/31998cve@mitre.org
Third Party Advisory
VDB Entry
http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdfcve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2008/2970cve@mitre.org
Permissions Required
http://www.zerodayinitiative.com/advisories/ZDI-08-070cve@mitre.org
Third Party Advisory
VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-08-070/cve@mitre.org
Third Party Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/46232cve@mitre.org
Third Party Advisory
VDB Entry
Hyperlink: http://secunia.com/advisories/32498
Source: cve@mitre.org
Resource:
Not Applicable
Hyperlink: http://securityreason.com/securityalert/4556
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.gnucitizen.org/blog/new-technique-to-perform-universal-website-hijacking/
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: http://www.securityfocus.com/archive/1/497948/100/0/threaded
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/497958/100/0/threaded
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/497968/100/0/threaded
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/497989/100/0/threaded
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/498043/100/0/threaded
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/archive/1/498073/100/0/threaded
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.securityfocus.com/bid/31998
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.sonicwall.com/downloads/SonicOS_Enhanced_4.0.1.1_Release_Notes.pdf
Source: cve@mitre.org
Resource:
Broken Link
Hyperlink: http://www.vupen.com/english/advisories/2008/2970
Source: cve@mitre.org
Resource:
Permissions Required
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-08-070
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: http://www.zerodayinitiative.com/advisories/ZDI-08-070/
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/46232
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

12245Records found
CVE-2005-1006
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.60% / 81.36%
||
7 Day CHG~0.00%
Published-07 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-sohosoho_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2002-2341
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 61.99%
||
7 Day CHG~0.00%
Published-29 Oct, 2007 | 19:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in content blocking in SonicWALL SOHO3 6.3.0.0 allows remote attackers to inject arbitrary web script or HTML via a blocked URL.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-soho3n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-2879
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-10.57% / 93.11%
||
7 Day CHG~0.00%
Published-17 Apr, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-email_security_appliancen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5142
Matching Score-10
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-10
Assigner-SonicWall, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.14% / 33.27%
||
7 Day CHG~0.00%
Published-12 Oct, 2020 | 10:40
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored cross-site scripting (XSS) vulnerability exists in the SonicOS SSLVPN web interface. A remote unauthenticated attacker is able to store and potentially execute arbitrary JavaScript code in the firewall SSLVPN portal. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.

Action-Not Available
Vendor-SonicWall Inc.
Product-sonicossonicosvSonicOS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-2589
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.04% / 77.07%
||
7 Day CHG+0.19%
Published-23 Mar, 2014 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-nsa_2400n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-0332
Matching Score-10
Assigner-CERT/CC
ShareView Details
Matching Score-10
Assigner-CERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.77% / 82.33%
||
7 Day CHG~0.00%
Published-14 Feb, 2014 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the node_id parameter in a ScreenDisplayManager genNetwork action.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-uma_e5000global_management_systemanalyzern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-3848
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.57% / 67.94%
||
7 Day CHG~0.00%
Published-31 Jul, 2012 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-scrutinizern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-5024
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.36% / 79.89%
||
7 Day CHG~0.00%
Published-24 Jul, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell SonicWALL GMS, Analyzer, and UMA before 7.2 SP1 allows remote attackers to inject arbitrary web script or HTML via the node_id parameter.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-global_management_systemanalyzeruma_em5000n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-2162
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.38%
||
7 Day CHG~0.00%
Published-12 May, 2008 | 22:00
Updated-07 Aug, 2024 | 08:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-e-mail_securityn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-3447
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.74% / 72.41%
||
7 Day CHG~0.00%
Published-29 Apr, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-sonicosn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-5691
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.36% / 57.59%
||
7 Day CHG~0.00%
Published-14 Jan, 2018 | 04:00
Updated-05 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-global_management_systemanalyzern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-5281
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.34% / 56.24%
||
7 Day CHG~0.00%
Published-08 Jan, 2018 | 09:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-nsa_6600nsa_2650nsa_5600sonicosnsa_2600nsa_250mnsa_3600nsa_4600n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-5280
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 53.07%
||
7 Day CHG~0.00%
Published-08 Jan, 2018 | 09:00
Updated-05 Aug, 2024 | 05:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-nsa_6600nsa_2650nsa_5600sonicosnsa_2600nsa_250mnsa_3600nsa_4600n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-7025
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-2.52% / 85.09%
||
7 Day CHG~0.00%
Published-09 Dec, 2013 | 11:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.

Action-Not Available
Vendor-n/aSonicWall Inc.
Product-uma_e5000_firmwareuma_e5000global_management_systemanalyzern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-40598
Matching Score-6
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-6
Assigner-SonicWall, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.09% / 25.09%
||
7 Day CHG+0.01%
Published-23 Jul, 2025 | 14:49
Updated-07 Aug, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Reflected cross-site scripting (XSS) vulnerability exists in the SMA100 series web interface, allowing a remote unauthenticated attacker to potentially execute arbitrary JavaScript code.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma_210sma_500v_firmwaresma_500vsma_410_firmwaresma_210_firmwaresma_410SMA 100 Series
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-2644
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 53.33%
||
7 Day CHG~0.00%
Published-26 Mar, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moodle 3.x, XSS can occur via evidence of prior learning.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodleMoodle 3.x
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-3155
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.1||MEDIUM
EPSS-1.94% / 83.12%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to cross frame scripting.

Action-Not Available
Vendor-The Apache Software Foundation
Product-atlasApache Atlas
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2041
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.44%
||
7 Day CHG~0.00%
Published-12 Jun, 2009 | 20:07
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab 0.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1772.

Action-Not Available
Vendor-activecollabn/a
Product-activecollabn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.62% / 85.34%
||
7 Day CHG~0.00%
Published-18 Sep, 2009 | 10:00
Updated-17 Sep, 2024 | 04:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.

Action-Not Available
Vendor-intertwinglyn/a
Product-planetplanet_venusn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3016
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.28% / 50.63%
||
7 Day CHG~0.00%
Published-31 Aug, 2009 | 16:00
Updated-07 Aug, 2024 | 06:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apple Safari 4.0.3 does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header.

Action-Not Available
Vendor-n/aApple Inc.
Product-safarin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-2645
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 53.33%
||
7 Day CHG~0.00%
Published-26 Mar, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.

Action-Not Available
Vendor-n/aMoodle Pty Ltd
Product-moodleMoodle 3.x
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2472
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.70% / 71.58%
||
7 Day CHG~0.00%
Published-22 Jul, 2009 | 18:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."

Action-Not Available
Vendor-n/aMozilla CorporationFedora ProjectopenSUSESUSE
Product-linux_enterprise_serverfirefoxopensusefedoralinux_enterprise_debuginfolinux_enterprise_desktopn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-10509
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 46.95%
||
7 Day CHG~0.00%
Published-27 Mar, 2020 | 07:35
Updated-16 Sep, 2024 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sunnet eHRD - Cross-Site Scripting

Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack.

Action-Not Available
Vendor-SunnetSun Microsystems (Oracle Corporation)
Product-ehrdeHRD
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-3104
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.28% / 79.24%
||
7 Day CHG~0.00%
Published-01 Dec, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This affects versions before RH12.0.4.460 and RH2017 before RH2017.0.2.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft Corporation
Product-robohelpwindowsAdobe RoboHelp RH2017.0.1 and earlier versions
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-3133
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.1||MEDIUM
EPSS-8.69% / 92.28%
||
7 Day CHG~0.00%
Published-12 Sep, 2017 | 02:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiosFortinet FortiOS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-10242
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.26% / 79.07%
||
7 Day CHG~0.00%
Published-16 Mar, 2020 | 15:48
Updated-04 Aug, 2024 | 10:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.

Action-Not Available
Vendor-n/aJoomla!
Product-joomla\!n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2814
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 65.39%
||
7 Day CHG~0.00%
Published-14 Sep, 2009 | 16:00
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2586
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.35% / 79.76%
||
7 Day CHG~0.00%
Published-24 Jul, 2009 | 16:00
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in articles.php in EDGEPHP EZArticles allows remote attackers to inject arbitrary web script or HTML via the title parameter.

Action-Not Available
Vendor-edgephpn/a
Product-ezarticlesn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-2187
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 51.63%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-3cxCODECABIN_
Product-live_chatWP Live Chat Support
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-2164
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 41.47%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n-i-agroinformaticsNippon Institute of Agroinformatics Ltd.
Product-soy_cmsSOY CMS with installer
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-2683
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-8.2||HIGH
EPSS-0.30% / 52.68%
||
7 Day CHG~0.00%
Published-27 Feb, 2017 | 11:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and 8081/TCP could perform a persistent Cross-Site Scripting (XSS) attack, potentially resulting in obtaining administrative permissions.

Action-Not Available
Vendor-n/aSiemens AG
Product-ruggedcom_network_management_softwareRUGGEDCOM NMS All versions < V2.1 (Windows and Linux)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-2174
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 54.92%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-ipaINFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)
Product-empirical_project_monitor_-_extendedEmpirical Project Monitor - eXtended
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-3161
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.1||MEDIUM
EPSS-5.03% / 89.51%
||
7 Day CHG~0.00%
Published-26 Apr, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.

Action-Not Available
Vendor-The Apache Software Foundation
Product-hadoopApache Hadoop
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-3127
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 54.03%
||
7 Day CHG~0.00%
Published-01 Jun, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation.

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortiosn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2350
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-13.29% / 93.99%
||
7 Day CHG~0.00%
Published-07 Jul, 2009 | 23:00
Updated-07 Aug, 2024 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-1050
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.03% / 76.88%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 15:13
Updated-04 Aug, 2024 | 06:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. This CVE ID is unique from CVE-2020-1049.

Action-Not Available
Vendor-Microsoft Corporation
Product-dynamics_365_serverDynamics 365 Server, version 9.0 (on-premises)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-16009
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-6.1||MEDIUM
EPSS-0.49% / 65.19%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 19:00
Updated-17 Sep, 2024 | 02:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid.

Action-Not Available
Vendor-AG Grid Ltd.HackerOneAngularJS
Product-ag-gridangularjsag-grid node module
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2370
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 60.38%
||
7 Day CHG~0.00%
Published-08 Jul, 2009 | 15:00
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-michelle_coxn/aThe Drupal Association
Product-advanced_forumdrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2145
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.65% / 85.42%
||
7 Day CHG~0.00%
Published-22 Jun, 2009 | 14:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the (a) NodeID and (b) action parameters to the default URI, and the (c) NodeID parameter to the default URI for the admin section; and allow remote authenticated users to inject arbitrary web script or HTML via the (d) Title (aka page name) and (e) Url fields in a (1) new or (2) modified page.

Action-Not Available
Vendor-panthan/a
Product-translucidn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-2135
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.32% / 54.92%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-wp-statisticsWP Statistics
Product-wp_statisticsWP Statistics
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-2743
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.40% / 60.13%
||
7 Day CHG~0.00%
Published-23 Jan, 2018 | 16:00
Updated-17 Sep, 2024 | 03:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP has identified a potential security vulnerability with HP Enterprise LaserJet Printers and MFPs, HP OfficeJet Enterprise Color Printers and MFP, HP PageWide Color Printers and MPS before 2308214_000901, 2308214_000900, and other firmware versions. The vulnerability could be exploited to perform a cross site scripting (XSS) attack.

Action-Not Available
Vendor-HP Inc.
Product-cf068ace708acf081acf235a_firmwarece504ab5l25a_firmwareb5l25af2a77aj7x28acc524acz245a_firmwarece709ab5l26a_firmwaree6b68acc522acc419ad3l10ac2s11ae6b71a_firmwareg1w47v_firmwarece993al2717a_firmwarecf069a_firmwaree6b73a_firmwaref2a81a_firmwarecf235ad7p70a2a69a_firmwarece504a_firmwarel3u44a_firmwarece996a_firmwarec2s12a_firmwarecf238a_firmwareb5l24a_firmwarece707acf118acd646a_firmwarecf236a_firmwarecf067a_firmwaree6b67a_firmwareb5l07ag1w47vg1w46v_firmwared3l08a_firmwareg1w41acf367al3u43a_firmwarece991ab5l07a_firmwarecd645a_firmwareg1w39acf082ae6b68a_firmwareb5l05ag1w39a_firmwarecc421acz244ab3g85a_firmwarecf067acc523a_firmwared7p70a_firmware2a71a_firmwarecc421a_firmwarecf066a_firmwareb5l04ae6b69ace709a_firmwareb5l23a_firmwaree6b69a_firmwaref2a76ad3l10a_firmwarea2w75a_firmwareg1w46vcf117a_firmwarel3u42a_firmwarecf116ace995a_firmwarecf117acf118a_firmwaree6b70ae6b72ace738a_firmwarece995al3u44acf066ae6b72a_firmwarece996aa2w79a_firmwarea2w76a_firmwareb5l04a_firmwarea2w77a_firmwareb5l46a_firmwarece990ace994ae6b73aa2w77ab5l47a2a69ab5l48af2a81ag1w40ace991a_firmwarece993a_firmwarea2w75ab3g85acd644a_firmwarecz244a_firmwarec2s12acd644al3u42acz245acf238acf083a_firmwareb5l46ae6b70a_firmwareg1w47a_firmwared3l08ace989a_firmware2a68ag1w40a_firmwareg1w46a_firmwarec2s11a_firmwaree6b71af2a76a_firmwarece707a_firmwarece503a_firmwareb5l05a_firmwarecf083ad7p71a_firmwarej7x28a_firmware2a70af2a77a_firmwarecf082a_firmware2a71ace708a_firmwarecd646acf069aa2w78a_firmwarecc419a_firmwareb5l24acf116a_firmwared3l09a_firmwarecc420a_firmwaree6b67ace989ace990a_firmwareg1w41a_firmwarece992a_firmwarel3u43ace992ab5l23ad3l09ace738acf367a_firmware2a70a_firmwarecf068a_firmwarecc522a_firmwarecc524a_firmwarea2w78ace503ad7p71ab5l48a_firmwarecc523acc420acf081a_firmwarea2w79a2a68a_firmwareg1w46ag1w47ace994a_firmwareb5l26al2717aa2w76ab5l47a_firmwarecf236aHP Enterprise LaserJet Printers and MFPs; HP OfficeJet Enterprise Color Printers and MFP; HP PageWide Color Printers and MPS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-15687
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.83% / 74.08%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI.

Action-Not Available
Vendor-logitechn/a
Product-media_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-3103
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.07% / 77.31%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 05:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack.

Action-Not Available
Vendor-n/aAdobe Inc.
Product-connectAdobe Connect 9.6.1 and earlier.
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-12353
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 46.95%
||
7 Day CHG~0.00%
Published-13 Jun, 2018 | 23:00
Updated-05 Aug, 2024 | 08:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue.

Action-Not Available
Vendor-knowage-suiten/a
Product-knowagen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-2274
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 45.35%
||
7 Day CHG~0.00%
Published-22 Jul, 2017 | 00:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-BUFFALO INC.
Product-wmr-433_firmwarewmr-433w_firmwarewmr-433wwmr-433WMR-433WWMR-433
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-3151
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-6.1||MEDIUM
EPSS-1.02% / 76.82%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Stored Cross-Site Scripting in the edit-tag functionality.

Action-Not Available
Vendor-The Apache Software Foundation
Product-atlasApache Atlas
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-2285
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.53% / 66.88%
||
7 Day CHG~0.00%
Published-02 Aug, 2017 | 16:00
Updated-06 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-silkypressSilkyPress
Product-simple_custom_css_and_jsSimple Custom CSS and JS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2783
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-7.27% / 91.46%
||
7 Day CHG~0.00%
Published-17 Aug, 2009 | 16:00
Updated-16 Sep, 2024 | 19:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.

Action-Not Available
Vendor-xoopsn/a
Product-xoopsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-2802
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.45% / 63.15%
||
7 Day CHG~0.00%
Published-09 Nov, 2019 | 02:12
Updated-07 Aug, 2024 | 06:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. Arbitrary inline attachment rendering could lead to cross-domain scripting or other browser attacks.

Action-Not Available
Vendor-n/aMantis Bug Tracker (MantisBT)
Product-mantisbtn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-10091
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.10% / 27.90%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 16:18
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 244
  • 245
  • Next
Details not found