ByteOS Network

Vulnerability Details :

CVE-2008-6240

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-23 Feb, 2009 | 15:00

Updated At-07 Aug, 2024 | 11:20

Cross-site scripting (XSS) vulnerability in data/views/index.html in OpenEdit Digital Asset Management (DAM) before 5.2014 allows remote attackers to inject arbitrary web script or HTML via the catalogid parameter.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:23 Feb, 2009 | 15:00

Updated At:07 Aug, 2024 | 11:20

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://secunia.com/advisories/33296	third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/33063	vdb-entry x_refsource_BID
http://holisticinfosec.org/content/view/95/45/	x_refsource_MISC
http://www.osvdb.org/51028	vdb-entry x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/47692	vdb-entry x_refsource_XF

Hyperlink: http://secunia.com/advisories/33296

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.securityfocus.com/bid/33063

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://holisticinfosec.org/content/view/95/45/

Resource:

x_refsource_MISC

Hyperlink: http://www.osvdb.org/51028

Resource:

vdb-entry

x_refsource_OSVDB

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47692

Resource:

vdb-entry

x_refsource_XF

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://secunia.com/advisories/33296	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.securityfocus.com/bid/33063	vdb-entry x_refsource_BID x_transferred
http://holisticinfosec.org/content/view/95/45/	x_refsource_MISC x_transferred
http://www.osvdb.org/51028	vdb-entry x_refsource_OSVDB x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/47692	vdb-entry x_refsource_XF x_transferred

Hyperlink: http://secunia.com/advisories/33296

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.securityfocus.com/bid/33063

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://holisticinfosec.org/content/view/95/45/

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://www.osvdb.org/51028

Resource:

vdb-entry

x_refsource_OSVDB

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47692

Resource:

vdb-entry

x_refsource_XF

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:23 Feb, 2009 | 15:30

Updated At:23 Apr, 2026 | 00:35

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:P/A:N

CPE Matches

openedit>>openedit_digital_asset_management>>Versions up to 5.0(inclusive)

cpe:2.3:a:openedit:openedit_digital_asset_management:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-79	Primary	nvd@nist.gov

CWE ID: CWE-79

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://holisticinfosec.org/content/view/95/45/	cve@mitre.org	N/A
http://secunia.com/advisories/33296	cve@mitre.org	Vendor Advisory
http://www.osvdb.org/51028	cve@mitre.org	N/A
http://www.securityfocus.com/bid/33063	cve@mitre.org	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/47692	cve@mitre.org	N/A
http://holisticinfosec.org/content/view/95/45/	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/33296	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://www.osvdb.org/51028	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/33063	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/47692	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://holisticinfosec.org/content/view/95/45/

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/33296

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://www.osvdb.org/51028

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/33063

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47692

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://holisticinfosec.org/content/view/95/45/

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://secunia.com/advisories/33296

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: http://www.osvdb.org/51028

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/33063

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Vendor Advisory

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/47692

Source: af854a3a-2127-422b-91ae-364da2661108

Resource: N/A

Similar CVEs

12242Records found

CVE-2013-1157

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.23% / 46.01%

7 Day CHG~0.00%

Published-01 May, 2013 | 10:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) Java servlet container in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud51068.

Vendor-n/a Cisco Systems, Inc.

Product-prime_central_for_hosted_collaboration_solution n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-36502

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.24% / 47.28%

7 Day CHG~0.00%

Published-22 Oct, 2021 | 19:19

Updated-04 Aug, 2024 | 17:30

Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself.

Vendor-swiftfiletransfer n/a

Product-swift_file_transfer n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0876

Matching Score-4

Assigner-JPCERT/CC

View Details

Matching Score-4

Assigner-JPCERT/CC

CVSS Score-4.3||MEDIUM

EPSS-0.32% / 55.31%

7 Day CHG~0.00%

Published-07 Apr, 2015 | 01:00

Updated-06 May, 2026 | 22:30

Multiple cross-site scripting (XSS) vulnerabilities in the print_language_selectbox function in classes/adminpage.inc.php in Saurus CMS Community Edition before 4.7 2015-02-04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-saurus n/a

Product-saurus_cms n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0634

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.42% / 61.84%

7 Day CHG~0.00%

Published-15 May, 2015 | 01:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in the administrative interface in Cisco WebEx Meetings Server 2.5 and 2.5.0.997 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuq86310.

Vendor-n/a Cisco Systems, Inc.

Product-webex_meetings_server n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0871

Matching Score-4

Assigner-JPCERT/CC

View Details

Matching Score-4

Assigner-JPCERT/CC

CVSS Score-4.3||MEDIUM

EPSS-0.25% / 48.10%

7 Day CHG~0.00%

Published-07 Feb, 2015 | 15:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK 1.62 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-shiromuku n/a

Product-guestbook n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-2851

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-2.99% / 86.69%

7 Day CHG~0.00%

Published-18 Aug, 2009 | 20:41

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.

Vendor-n/a WordPress.org

Product-wordpress n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0526

Matching Score-4

Assigner-Dell

View Details

Matching Score-4

Assigner-Dell

CVSS Score-4.3||MEDIUM

EPSS-0.22% / 45.20%

7 Day CHG~0.00%

Published-22 Jun, 2015 | 15:00

Updated-06 May, 2026 | 22:30

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter.

Vendor-n/a ELAN Microelectronics Corporation

Product-rsa_validation_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-9917

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.21% / 43.46%

7 Day CHG~0.00%

Published-15 May, 2019 | 13:23

Updated-06 Aug, 2024 | 14:02

An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter.

Vendor-bilboplanet n/a

Product-bilboplanet n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-2947

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.44% / 63.43%

7 Day CHG~0.00%

Published-14 Sep, 2009 | 16:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages.

Vendor-xapian n/a

Product-omega n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3057

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.45% / 63.97%

7 Day CHG~0.00%

Published-03 Sep, 2009 | 17:00

Updated-23 Apr, 2026 | 00:35

Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php.

Vendor-aom-software n/a

Product-beex n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0195

Matching Score-4

Assigner-IBM Corporation

View Details

Matching Score-4

Assigner-IBM Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.24% / 46.53%

7 Day CHG~0.00%

Published-03 Oct, 2015 | 22:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Vendor-n/a IBM Corporation

Product-content_template_catalog websphere_portal n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3066

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.17% / 38.29%

7 Day CHG~0.00%

Published-03 Sep, 2009 | 17:00

Updated-23 Apr, 2026 | 00:35

Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php.

Vendor-propertywatchscript n/a

Product-property_watch n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0522

Matching Score-4

Assigner-Dell

View Details

Matching Score-4

Assigner-Dell

CVSS Score-4.3||MEDIUM

EPSS-0.14% / 33.21%

7 Day CHG~0.00%

Published-12 Mar, 2015 | 10:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote attackers to inject arbitrary web script or HTML via vectors related to the email address parameter.

Vendor-n/a ELAN Microelectronics Corporation

Product-rsa_registration_manager rsa_certificate_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-2785

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.52% / 66.81%

7 Day CHG~0.00%

Published-17 Aug, 2009 | 16:00

Updated-23 Apr, 2026 | 00:35

Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php.

Vendor-classifiedphpscript n/a

Product-php_open_classifieds_script n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3435

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.32% / 55.03%

7 Day CHG~0.00%

Published-28 Sep, 2009 | 22:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name.

Vendor-moshe_weitzman n/a The Drupal Association

Product-devel drupal n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3204

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.33% / 55.94%

7 Day CHG~0.00%

Published-16 Sep, 2009 | 17:00

Updated-23 Apr, 2026 | 00:35

Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) demo.php and (2) forum.php, and the PATH_INFO to (3) include_forum.php.

Vendor-stivaforum n/a

Product-stiva_forum n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3493

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-1.42% / 80.78%

7 Day CHG~0.00%

Published-30 Sep, 2009 | 15:00

Updated-23 Apr, 2026 | 00:35

Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php.

Vendor-zenas n/a

Product-paobacheca_guestbook n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3469

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-2.56% / 85.69%

7 Day CHG~0.00%

Published-29 Sep, 2009 | 19:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

Vendor-n/a IBM Corporation

Product-lotus_connections n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3363

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.32% / 55.03%

7 Day CHG~0.00%

Published-24 Sep, 2009 | 16:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor."

Vendor-ufku_bayburt n/a The Drupal Association

Product-bueditor drupal n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0967

Matching Score-4

Assigner-CERT/CC

View Details

Matching Score-4

Assigner-CERT/CC

CVSS Score-4.3||MEDIUM

EPSS-1.07% / 77.92%

7 Day CHG~0.00%

Published-18 Apr, 2015 | 01:00

Updated-06 May, 2026 | 22:30

Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp.

Vendor-searchblox n/a

Product-searchblox n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0893

Matching Score-4

Assigner-JPCERT/CC

View Details

Matching Score-4

Assigner-JPCERT/CC

CVSS Score-4.3||MEDIUM

EPSS-0.32% / 55.31%

7 Day CHG~0.00%

Published-05 Mar, 2015 | 01:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-maroyaka_relay_novel_project n/a

Product-maroyaka_relay_novel n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0698

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.35% / 57.57%

7 Day CHG~0.00%

Published-15 Apr, 2015 | 10:00

Updated-06 May, 2026 | 22:30

Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213.

Vendor-n/a Cisco Systems, Inc.

Product-web_security_appliance n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0737

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.26% / 49.72%

7 Day CHG~0.00%

Published-12 Jun, 2015 | 10:00

Updated-06 May, 2026 | 22:30

Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099.

Vendor-n/a Cisco Systems, Inc.

Product-firesight_system_software n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0749

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.23% / 46.33%

7 Day CHG~0.00%

Published-19 Feb, 2020 | 02:55

Updated-15 Nov, 2024 | 17:41

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information.

Vendor-Cisco Systems, Inc.

Product-unified_communications_manager Cisco Unified Communications Manager

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0752

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.26% / 49.72%

7 Day CHG~0.00%

Published-29 May, 2015 | 15:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635.

Vendor-n/a Cisco Systems, Inc.

Product-telepresence_video_communication_server n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0937

Matching Score-4

Assigner-CERT/CC

View Details

Matching Score-4

Assigner-CERT/CC

CVSS Score-4.3||MEDIUM

EPSS-0.91% / 75.99%

7 Day CHG~0.00%

Published-17 Apr, 2015 | 01:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-blue_coat n/a

Product-malware_analysis_appliance n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0345

Matching Score-4

Assigner-Adobe Systems Incorporated

View Details

Matching Score-4

Assigner-Adobe Systems Incorporated

CVSS Score-4.3||MEDIUM

EPSS-3.16% / 87.07%

7 Day CHG~0.00%

Published-15 Apr, 2015 | 10:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a Adobe Inc.

Product-coldfusion n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0167

Matching Score-4

Assigner-IBM Corporation

View Details

Matching Score-4

Assigner-IBM Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.26% / 49.70%

7 Day CHG~0.00%

Published-20 Feb, 2015 | 16:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in textAngular-sanitize.js in textAngular before 1.3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the editor.

Vendor-textangular n/a

Product-textangular n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2017-2661

Matching Score-4

Assigner-Red Hat, Inc.

View Details

Matching Score-4

Assigner-Red Hat, Inc.

CVSS Score-6.1||MEDIUM

EPSS-0.28% / 51.46%

7 Day CHG~0.00%

Published-12 Mar, 2018 | 15:00

Updated-16 Sep, 2024 | 17:28

ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster.

Vendor-clusterlabs ClusterLabs

Product-pcs pcs

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2014-9905

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.60% / 69.65%

7 Day CHG~0.00%

Published-17 Feb, 2017 | 17:00

Updated-13 May, 2026 | 00:24

Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) contact fields.

Vendor-n/a Alinto

Product-sogo n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3195

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-2.08% / 84.17%

7 Day CHG~0.00%

Published-15 Sep, 2009 | 21:00

Updated-23 Apr, 2026 | 00:35

Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php.

Vendor-jce-tech n/a

Product-auction_rss_content_script n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0728

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.26% / 49.72%

7 Day CHG~0.00%

Published-15 May, 2015 | 01:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu11002.

Vendor-n/a Cisco Systems, Inc.

Product-secure_access_control_system n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0900

Matching Score-4

Assigner-JPCERT/CC

View Details

Matching Score-4

Assigner-JPCERT/CC

CVSS Score-4.3||MEDIUM

EPSS-0.31% / 54.20%

7 Day CHG~0.00%

Published-31 Mar, 2015 | 10:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Vendor-nishishi n/a

Product-fumy_teachers_schedule_board n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3355

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-2.65% / 85.90%

7 Day CHG+1.30%

Published-24 Sep, 2009 | 16:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remote attackers to inject arbitrary web script or HTML via the s_r parameter.

Vendor-datetopia n/a

Product-buy_dating_site n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0655

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.30% / 53.10%

7 Day CHG~0.00%

Published-28 Feb, 2015 | 02:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.

Vendor-n/a Cisco Systems, Inc.

Product-unified_web_and_e-mail_interaction_manager n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3367

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.33% / 55.73%

7 Day CHG~0.00%

Published-24 Sep, 2009 | 16:00

Updated-23 Apr, 2026 | 00:35

Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vendor-plohni n/a

Product-an_image_gallery n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0732

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-4.3||MEDIUM

EPSS-0.30% / 53.10%

7 Day CHG~0.00%

Published-29 Jul, 2015 | 01:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Security Management Appliance (SMA) 9.1.0-033 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuu37430, CSCuu37420, CSCut71981, and CSCuv50167.

Vendor-n/a Cisco Systems, Inc.

Product-content_security_management_virtual_appliance web_security_appliance email_security_appliance_firmware n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3222

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-1.55% / 81.60%

7 Day CHG~0.00%

Published-16 Sep, 2009 | 19:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in index.php in FreeWebScriptz Honest Traffic (FWSHT) 1.x allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

Vendor-freewebscriptz n/a

Product-honest_traffic n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3467

Matching Score-4

Assigner-Adobe Systems Incorporated

View Details

Matching Score-4

Assigner-Adobe Systems Incorporated

CVSS Score-4.3||MEDIUM

EPSS-0.82% / 74.48%

7 Day CHG~0.00%

Published-13 May, 2010 | 17:00

Updated-29 Apr, 2026 | 01:13

Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Vendor-n/a Adobe Inc.

Product-coldfusion n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3256

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.14% / 33.97%

7 Day CHG~0.00%

Published-18 Sep, 2009 | 20:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the URI, as demonstrated by a SCRIPT element in an arbitrary parameter such as the asd parameter.

Vendor-livestreet n/a

Product-livestreet n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3479

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.24% / 47.38%

7 Day CHG~0.00%

Published-30 Sep, 2009 | 15:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title.

Vendor-ron_jerome n/a The Drupal Association

Product-bibliography drupal n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2015-0176

Matching Score-4

Assigner-IBM Corporation

View Details

Matching Score-4

Assigner-IBM Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.22% / 44.50%

7 Day CHG~0.00%

Published-27 Apr, 2015 | 01:00

Updated-06 May, 2026 | 22:30

Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URI that is included in an error response.

Vendor-n/a IBM Corporation

Product-websphere_mq n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3227

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.30% / 53.10%

7 Day CHG~0.00%

Published-16 Sep, 2009 | 19:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft Almond Classifieds Ads Enterprise and Almond Affiliate Network Classifieds allows remote attackers to inject arbitrary web script or HTML via the city parameter in a search action. NOTE: some of these details are obtained from third party information.

Vendor-almondsoft n/a

Product-affiliate_network_classifieds almond_classifieds n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3299

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.73% / 72.91%

7 Day CHG+0.13%

Published-03 Nov, 2009 | 16:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in the resume blocktype in Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a Mahara

Product-mahara n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3359

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-1.05% / 77.75%

7 Day CHG~0.00%

Published-24 Sep, 2009 | 16:00

Updated-23 Apr, 2026 | 00:35

Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php.

Vendor-datetopia n/a

Product-match_agency_biz n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3186

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.41% / 61.20%

7 Day CHG~0.00%

Published-15 Sep, 2009 | 21:00

Updated-23 Apr, 2026 | 00:35

Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to forum.php, (2) profile_name parameter to profile.php, and (3) p parameter to view.php.

Vendor-videogirls n/a

Product-videogirls_biz n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2020-36324

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-0.24% / 47.28%

7 Day CHG~0.00%

Published-21 Apr, 2021 | 19:43

Updated-04 Aug, 2024 | 17:23

Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflected XSS because app.py does not explicitly set the application/json content type.

Vendor-n/a Wikimedia Foundation

Product-analytics-quarry-web n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3153

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.36% / 58.10%

7 Day CHG~0.00%

Published-10 Sep, 2009 | 18:00

Updated-23 Apr, 2026 | 00:35

Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.

Vendor-x10media n/a

Product-mp3_search_engine n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2009-3196

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-1.19% / 79.00%

7 Day CHG~0.00%

Published-15 Sep, 2009 | 21:00

Updated-23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter.

Vendor-jce-tech n/a

Product-php_video_script n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2013-0548

Matching Score-4

Assigner-IBM Corporation

View Details

Matching Score-4

Assigner-IBM Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.43% / 62.55%

7 Day CHG~0.00%

Published-21 Jun, 2013 | 17:00

Updated-29 Apr, 2026 | 01:13

Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vendor-n/a IBM Corporation

Product-tivoli_monitoring application_manager_for_smart_business n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2008-6240

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs