Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2008-6565

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-31 Mar, 2009 | 17:00
Updated At-07 Aug, 2024 | 11:34
Rejected At-
Credits

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:31 Mar, 2009 | 17:00
Updated At:07 Aug, 2024 | 11:34
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/28466
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/41502
vdb-entry
x_refsource_XF
http://www.securityfocus.com/archive/1/490115/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/bid/28466
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/41502
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.securityfocus.com/archive/1/490115/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/28466
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/41502
vdb-entry
x_refsource_XF
x_transferred
http://www.securityfocus.com/archive/1/490115/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/bid/28466
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/41502
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/490115/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:31 Mar, 2009 | 17:30
Updated At:11 Oct, 2018 | 20:57

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
invision_power_services
invision_power_services
>>invision_power_board>>Versions up to 2.3.1(inclusive)
cpe:2.3:a:invision_power_services:invision_power_board:*:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>1.0
cpe:2.3:a:invision_power_services:invision_power_board:1.0:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>1.0.1
cpe:2.3:a:invision_power_services:invision_power_board:1.0.1:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>1.0.3
cpe:2.3:a:invision_power_services:invision_power_board:1.0.3:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>1.1.1
cpe:2.3:a:invision_power_services:invision_power_board:1.1.1:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>1.1.2
cpe:2.3:a:invision_power_services:invision_power_board:1.1.2:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>1.2
cpe:2.3:a:invision_power_services:invision_power_board:1.2:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>1.3
cpe:2.3:a:invision_power_services:invision_power_board:1.3:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>1.3.1_final
cpe:2.3:a:invision_power_services:invision_power_board:1.3.1_final:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>1.3_final
cpe:2.3:a:invision_power_services:invision_power_board:1.3_final:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.0
cpe:2.3:a:invision_power_services:invision_power_board:2.0:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.0.0
cpe:2.3:a:invision_power_services:invision_power_board:2.0.0:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.0.1
cpe:2.3:a:invision_power_services:invision_power_board:2.0.1:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.0.2
cpe:2.3:a:invision_power_services:invision_power_board:2.0.2:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.0.3
cpe:2.3:a:invision_power_services:invision_power_board:2.0.3:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.0.4
cpe:2.3:a:invision_power_services:invision_power_board:2.0.4:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.0.x
cpe:2.3:a:invision_power_services:invision_power_board:2.0.x:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.0_alpha3
cpe:2.3:a:invision_power_services:invision_power_board:2.0_alpha3:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.0_pdr3
cpe:2.3:a:invision_power_services:invision_power_board:2.0_pdr3:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.0_pf1
cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf1:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.0_pf2
cpe:2.3:a:invision_power_services:invision_power_board:2.0_pf2:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1
cpe:2.3:a:invision_power_services:invision_power_board:2.1:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1.0
cpe:2.3:a:invision_power_services:invision_power_board:2.1.0:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1.1
cpe:2.3:a:invision_power_services:invision_power_board:2.1.1:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1.2
cpe:2.3:a:invision_power_services:invision_power_board:2.1.2:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1.3
cpe:2.3:a:invision_power_services:invision_power_board:2.1.3:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1.4
cpe:2.3:a:invision_power_services:invision_power_board:2.1.4:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1.5
cpe:2.3:a:invision_power_services:invision_power_board:2.1.5:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1.5_2006-03-08
cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-03-08:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1.5_2006-04-25
cpe:2.3:a:invision_power_services:invision_power_board:2.1.5_2006-04-25:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1.6
cpe:2.3:a:invision_power_services:invision_power_board:2.1.6:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1.7
cpe:2.3:a:invision_power_services:invision_power_board:2.1.7:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1.x
cpe:2.3:a:invision_power_services:invision_power_board:2.1.x:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1_alpha2
cpe:2.3:a:invision_power_services:invision_power_board:2.1_alpha2:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1_beta2
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta2:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1_beta3
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta3:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1_beta4
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta4:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1_beta5
cpe:2.3:a:invision_power_services:invision_power_board:2.1_beta5:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.1_rc1
cpe:2.3:a:invision_power_services:invision_power_board:2.1_rc1:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.2
cpe:2.3:a:invision_power_services:invision_power_board:2.2:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.2.1
cpe:2.3:a:invision_power_services:invision_power_board:2.2.1:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.2.2
cpe:2.3:a:invision_power_services:invision_power_board:2.2.2:*:*:*:*:*:*:*
invision_power_services
invision_power_services
>>invision_power_board>>2.3
cpe:2.3:a:invision_power_services:invision_power_board:2.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/archive/1/490115/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/28466cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/41502cve@mitre.org
N/A
Hyperlink: http://www.securityfocus.com/archive/1/490115/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/28466
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/41502
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

12250Records found
CVE-2015-5535
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 50.09%
||
7 Day CHG~0.00%
Published-13 Aug, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the qTranslate plugin 2.5.39 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the qtranslate page to wp-admin/options-general.php.

Action-Not Available
Vendor-qtranslate_projectn/a
Product-qtranslaten/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5520
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-12.28% / 93.69%
||
7 Day CHG~0.00%
Published-14 Jul, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Users module in Orchard 1.7.3 through 1.8.2 and 1.9.x before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the username when creating a new user account, which is not properly handled when deleting an account.

Action-Not Available
Vendor-orchardprojectn/a
Product-orchardn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5381
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.18% / 78.44%
||
7 Day CHG~0.00%
Published-23 May, 2017 | 03:56
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI.

Action-Not Available
Vendor-n/aRoundcube Webmail Project
Product-roundcube_webmailwebmailn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5528
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.50% / 65.36%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the save_order function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the items[] parameter in an fsb_save_order action to wp-admin/admin-ajax.php.

Action-Not Available
Vendor-n/aWPBeginner LLC
Product-floating_social_barn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6058
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-14.67% / 94.33%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5282
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 62.27%
||
7 Day CHG~0.00%
Published-25 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.

Action-Not Available
Vendor-n/aThe Foreman
Product-foremann/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5670
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.80%
||
7 Day CHG~0.00%
Published-29 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-techno_project_japann/a
Product-enisys_gwn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5444
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.62% / 69.70%
||
7 Day CHG~0.00%
Published-18 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-smart_profile_server_data_analytics_layern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5454
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.51% / 65.75%
||
7 Day CHG~0.00%
Published-08 Jul, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item.

Action-Not Available
Vendor-nucleuscmsn/a
Product-nucleus_cmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6144
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-24.12% / 95.94%
||
7 Day CHG~0.00%
Published-09 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 8 through 11 and Microsoft Edge mishandle HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Browser XSS Filter Bypass Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-0026
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-40.10% / 97.24%
||
7 Day CHG~0.00%
Published-21 Jan, 2009 | 20:00
Updated-07 Aug, 2024 | 04:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-jackrabbitn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6356
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 60.30%
||
7 Day CHG~0.00%
Published-04 Nov, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-socialminern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5481
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.82%
||
7 Day CHG~0.00%
Published-18 Aug, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter in the gdbbpress_attachments page to wp-admin/edit.php.

Action-Not Available
Vendor-dev4pressn/a
Product-gd_bbpress_attachmentsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5532
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.29% / 79.31%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php.

Action-Not Available
Vendor-strangerstudiosn/a
Product-paid_memberships_pron/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5456
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.42% / 61.52%
||
7 Day CHG~0.00%
Published-08 Jul, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable and form actions.

Action-Not Available
Vendor-pivotxn/a
Product-pivotxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-0153
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-11.64% / 93.50%
||
7 Day CHG~0.00%
Published-13 May, 2009 | 15:14
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

Action-Not Available
Vendor-n/aApple Inc.
Product-mac_os_x_servermac_os_xn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6337
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 48.06%
||
7 Day CHG~0.00%
Published-26 Jan, 2016 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-application_policy_infrastructure_controller_enterprise_modulen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5529
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-7.13% / 91.36%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings/categories/, (2) title or (3) rel parameter to dashboard/settings/links/, or (4) url parameter to dashboard/tools/pingservers/.

Action-Not Available
Vendor-freereprintablesn/a
Product-articlefrn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6416
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 52.63%
||
7 Day CHG~0.00%
Published-14 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML a crafted URL, aka Bug ID CSCuw24479.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_web_and_e-mail_interaction_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10779
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 52.24%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 00:17
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS vulnerability to take full control of the Stroom UI on behalf of the logged-in user.

Action-Not Available
Vendor-gchqn/a
Product-stroomstroom:stroom-app
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6027
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 52.78%
||
7 Day CHG~0.00%
Published-10 Apr, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP.

Action-Not Available
Vendor-castlerockn/a
Product-snmpcCastle Rock Computing SNMPc before 2015-12-17
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5492
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.36%
||
7 Day CHG~0.00%
Published-18 Aug, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-video_consultation_projectn/a
Product-video_consultationn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6035
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 52.78%
||
7 Day CHG~0.00%
Published-10 Apr, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Opsview before 2015-11-06 has XSS via SNMP.

Action-Not Available
Vendor-opsviewn/a
Product-opsviewOpsview before 2015-11-06
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5487
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.42%
||
7 Day CHG~0.00%
Published-18 Aug, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" permission to inject arbitrary web script or HTML via unspecified vectors related to the meta access tab.

Action-Not Available
Vendor-techsmithn/a
Product-camtasia_relayn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5733
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.50% / 80.86%
||
7 Day CHG~0.00%
Published-09 Nov, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-7250
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.80%
||
7 Day CHG~0.00%
Published-30 Dec, 2009 | 22:00
Updated-16 Sep, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists because of an incomplete fix for CVE-2008-1168.

Action-Not Available
Vendor-pedro_lineu_orson/a
Product-sargn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6099
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-28.55% / 96.42%
||
7 Day CHG-3.64%
Published-11 Nov, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-6681
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.29% / 51.57%
||
7 Day CHG~0.00%
Published-09 Apr, 2009 | 15:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.

Action-Not Available
Vendor-n/aDojo (OpenJS Foundation)
Product-dojon/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5475
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.44% / 62.81%
||
7 Day CHG~0.00%
Published-14 Aug, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2) group rights management pages.

Action-Not Available
Vendor-n/aBest Practical Solutions, LLC
Product-request_trackern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5664
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-0.31% / 53.68%
||
7 Day CHG~0.00%
Published-03 Jul, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aQNAP Systems, Inc.
Product-qtsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6372
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 52.51%
||
7 Day CHG~0.00%
Published-18 Nov, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux10614.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firepower_extensible_operating_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5732
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.69% / 81.90%
||
7 Day CHG~0.00%
Published-09 Nov, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a widget title.

Action-Not Available
Vendor-n/aWordPress.org
Product-wordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5691
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 66.52%
||
7 Day CHG~0.00%
Published-20 Sep, 2015 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gatewayn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6176
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-4.30% / 88.63%
||
7 Day CHG~0.00%
Published-09 Dec, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6255
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.45% / 63.30%
||
7 Day CHG~0.00%
Published-19 Aug, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug ID CSCuo89051.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_web_and_e-mail_interaction_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5968
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
ShareView Details
Matching Score-4
Assigner-OpenText (formerly Micro Focus)
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.06%
||
7 Day CHG~0.00%
Published-18 Mar, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Action-Not Available
Vendor-n/aNovell
Product-filrn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-6988
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-5.89% / 90.39%
||
7 Day CHG~0.00%
Published-18 Aug, 2009 | 10:00
Updated-07 Aug, 2024 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo Gallery (aka Ezphotogallery) 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) galleryid parameter to gallery.php, and the (2) size or (3) imageid parameters to show.php.

Action-Not Available
Vendor-ezphotogalleryn/a
Product-ezphotogalleryn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-6838
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.33% / 79.68%
||
7 Day CHG~0.00%
Published-27 Jun, 2009 | 18:00
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 allows remote attackers to inject arbitrary web script or HTML via the _off parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-zophn/a
Product-zophn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-7150
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.23% / 45.60%
||
7 Day CHG~0.00%
Published-01 Sep, 2009 | 16:00
Updated-07 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a taxonomy term, which is not properly handled by refine_by_taxo when displaying tags.

Action-Not Available
Vendor-ber_kesselsn/aThe Drupal Association
Product-refine_by_taxodrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-7202
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.48%
||
7 Day CHG~0.00%
Published-10 Sep, 2009 | 10:00
Updated-17 Sep, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail before 2.53 (Stable) allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

Action-Not Available
Vendor-openwebmail.acatysmoofn/a
Product-openwebmailn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5593
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.37% / 58.55%
||
7 Day CHG~0.00%
Published-31 Dec, 2019 | 20:42
Updated-06 Aug, 2024 | 06:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sanitize_string function in Zenphoto before 1.4.9 does not properly sanitize HTML tags, which allows remote attackers to perform a cross-site scripting (XSS) attack by wrapping a payload in "<<script></script>script>payload<script></script></script>", or in an image tag, with the payload as the onerror event.

Action-Not Available
Vendor-zenphoton/a
Product-zenphoton/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5460
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.81% / 73.88%
||
7 Day CHG~0.00%
Published-08 Jul, 2015 | 16:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in app/views/events/_menu.html.erb in Snorby 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the title (cls.name variable) when creating a classification.

Action-Not Available
Vendor-snorby_projectn/a
Product-snorbyn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5485
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 64.21%
||
7 Day CHG~0.00%
Published-18 Aug, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to wp-admin/edit.php.

Action-Not Available
Vendor-n/aThe Events Calendar (StellarWP)
Product-eventbrite_ticketsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6400
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.36%
||
7 Day CHG~0.00%
Published-13 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-emergency_respondern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6402
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-34.27% / 96.88%
||
7 Day CHG~0.00%
Published-14 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-epc3928_docsis_3.0_8x4_wireless_residential_gateway_with_embedded_digital_voice_adaptern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-7089
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-4.91% / 89.39%
||
7 Day CHG~0.00%
Published-26 Aug, 2009 | 14:00
Updated-07 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.

Action-Not Available
Vendor-pliggn/a
Product-pligg_cmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6387
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.40% / 60.30%
||
7 Day CHG~0.00%
Published-05 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Cisco Unified Computing System (UCS) Central Software 1.3(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCux33573.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unified_computing_system_central_softwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-6879
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.02% / 83.47%
||
7 Day CHG+0.29%
Published-30 Jul, 2009 | 19:00
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, 3.1, and 4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search action.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-rollern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-7017
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.55% / 67.46%
||
7 Day CHG~0.00%
Published-21 Aug, 2009 | 14:00
Updated-07 Aug, 2024 | 11:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate.

Action-Not Available
Vendor-cacertn/a
Product-cacertn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-5507
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.36% / 57.60%
||
7 Day CHG~0.00%
Published-18 Aug, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-inline_entity_form_projectn/a
Product-inline_entity_formn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 244
  • 245
  • Next
Details not found