Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-0781

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-09 Mar, 2009 | 21:00
Updated At-07 Aug, 2024 | 04:48
Rejected At-
Credits

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:09 Mar, 2009 | 21:00
Updated At:07 Aug, 2024 | 04:48
Rejected At:
â–¼CVE Numbering Authority (CNA)

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://tomcat.apache.org/security-4.html
x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=127420533226623&w=2
vendor-advisory
x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
vendor-advisory
x_refsource_MANDRIVA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564
vdb-entry
signature
x_refsource_OVAL
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
vendor-advisory
x_refsource_FEDORA
http://www.debian.org/security/2011/dsa-2207
vendor-advisory
x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=136485229118404&w=2
vendor-advisory
x_refsource_HP
https://exchange.xforce.ibmcloud.com/vulnerabilities/49213
vdb-entry
x_refsource_XF
http://secunia.com/advisories/37460
third-party-advisory
x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/3056
vdb-entry
x_refsource_VUPEN
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
x_refsource_CONFIRM
http://secunia.com/advisories/35788
third-party-advisory
x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=127420533226623&w=2
vendor-advisory
x_refsource_HP
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
vendor-advisory
x_refsource_APPLE
http://marc.info/?l=bugtraq&m=133469267822771&w=2
vendor-advisory
x_refsource_HP
http://www.vupen.com/english/advisories/2009/1856
vdb-entry
x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041
vdb-entry
signature
x_refsource_OVAL
http://www.securityfocus.com/archive/1/507985/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://secunia.com/advisories/42368
third-party-advisory
x_refsource_SECUNIA
http://tomcat.apache.org/security-6.html
x_refsource_CONFIRM
http://support.apple.com/kb/HT4077
x_refsource_CONFIRM
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
vendor-advisory
x_refsource_FEDORA
http://secunia.com/advisories/35685
third-party-advisory
x_refsource_SECUNIA
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345
vdb-entry
signature
x_refsource_OVAL
http://marc.info/?l=bugtraq&m=133469267822771&w=2
vendor-advisory
x_refsource_HP
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
vendor-advisory
x_refsource_FEDORA
http://tomcat.apache.org/security-5.html
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
vendor-advisory
x_refsource_SUSE
http://marc.info/?l=bugtraq&m=129070310906557&w=2
vendor-advisory
x_refsource_HP
http://marc.info/?l=bugtraq&m=136485229118404&w=2
vendor-advisory
x_refsource_HP
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
vendor-advisory
x_refsource_MANDRIVA
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
vendor-advisory
x_refsource_SUNALERT
http://marc.info/?l=bugtraq&m=129070310906557&w=2
vendor-advisory
x_refsource_HP
http://www.vupen.com/english/advisories/2009/3316
vdb-entry
x_refsource_VUPEN
http://www.securityfocus.com/archive/1/501538/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
Hyperlink: http://tomcat.apache.org/security-4.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://marc.info/?l=bugtraq&m=127420533226623&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.debian.org/security/2011/dsa-2207
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://marc.info/?l=bugtraq&m=136485229118404&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/49213
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://secunia.com/advisories/37460
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.vupen.com/english/advisories/2010/3056
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/35788
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://marc.info/?l=bugtraq&m=127420533226623&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://marc.info/?l=bugtraq&m=133469267822771&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.vupen.com/english/advisories/2009/1856
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://www.securityfocus.com/archive/1/507985/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://secunia.com/advisories/42368
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://tomcat.apache.org/security-6.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://support.apple.com/kb/HT4077
Resource:
x_refsource_CONFIRM
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://secunia.com/advisories/35685
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345
Resource:
vdb-entry
signature
x_refsource_OVAL
Hyperlink: http://marc.info/?l=bugtraq&m=133469267822771&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://tomcat.apache.org/security-5.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://marc.info/?l=bugtraq&m=129070310906557&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://marc.info/?l=bugtraq&m=136485229118404&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://marc.info/?l=bugtraq&m=129070310906557&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.vupen.com/english/advisories/2009/3316
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://www.securityfocus.com/archive/1/501538/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://tomcat.apache.org/security-4.html
x_refsource_CONFIRM
x_transferred
http://marc.info/?l=bugtraq&m=127420533226623&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
vendor-advisory
x_refsource_MANDRIVA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564
vdb-entry
signature
x_refsource_OVAL
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://www.debian.org/security/2011/dsa-2207
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://marc.info/?l=bugtraq&m=136485229118404&w=2
vendor-advisory
x_refsource_HP
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/49213
vdb-entry
x_refsource_XF
x_transferred
http://secunia.com/advisories/37460
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.vupen.com/english/advisories/2010/3056
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/35788
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://marc.info/?l=bugtraq&m=127420533226623&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://marc.info/?l=bugtraq&m=133469267822771&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.vupen.com/english/advisories/2009/1856
vdb-entry
x_refsource_VUPEN
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://www.securityfocus.com/archive/1/507985/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://secunia.com/advisories/42368
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://tomcat.apache.org/security-6.html
x_refsource_CONFIRM
x_transferred
http://support.apple.com/kb/HT4077
x_refsource_CONFIRM
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://secunia.com/advisories/35685
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345
vdb-entry
signature
x_refsource_OVAL
x_transferred
http://marc.info/?l=bugtraq&m=133469267822771&w=2
vendor-advisory
x_refsource_HP
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://tomcat.apache.org/security-5.html
x_refsource_CONFIRM
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://marc.info/?l=bugtraq&m=129070310906557&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://marc.info/?l=bugtraq&m=136485229118404&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://marc.info/?l=bugtraq&m=129070310906557&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.vupen.com/english/advisories/2009/3316
vdb-entry
x_refsource_VUPEN
x_transferred
http://www.securityfocus.com/archive/1/501538/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://tomcat.apache.org/security-4.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=127420533226623&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.debian.org/security/2011/dsa-2207
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=136485229118404&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/49213
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://secunia.com/advisories/37460
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/3056
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/35788
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=127420533226623&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133469267822771&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1856
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/507985/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://secunia.com/advisories/42368
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://tomcat.apache.org/security-6.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://support.apple.com/kb/HT4077
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://secunia.com/advisories/35685
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345
Resource:
vdb-entry
signature
x_refsource_OVAL
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133469267822771&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://tomcat.apache.org/security-5.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=129070310906557&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=136485229118404&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=129070310906557&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/3316
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/501538/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:09 Mar, 2009 | 21:30
Updated At:23 Apr, 2026 | 00:35

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML."

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
The Apache Software Foundation
apache
>>tomcat>>4.1.0
cpe:2.3:a:apache:tomcat:4.1.0:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.1
cpe:2.3:a:apache:tomcat:4.1.1:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.2
cpe:2.3:a:apache:tomcat:4.1.2:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.3
cpe:2.3:a:apache:tomcat:4.1.3:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.3
cpe:2.3:a:apache:tomcat:4.1.3:beta:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.4
cpe:2.3:a:apache:tomcat:4.1.4:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.5
cpe:2.3:a:apache:tomcat:4.1.5:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.6
cpe:2.3:a:apache:tomcat:4.1.6:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.7
cpe:2.3:a:apache:tomcat:4.1.7:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.8
cpe:2.3:a:apache:tomcat:4.1.8:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.9
cpe:2.3:a:apache:tomcat:4.1.9:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.9
cpe:2.3:a:apache:tomcat:4.1.9:beta:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.10
cpe:2.3:a:apache:tomcat:4.1.10:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.11
cpe:2.3:a:apache:tomcat:4.1.11:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.12
cpe:2.3:a:apache:tomcat:4.1.12:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.13
cpe:2.3:a:apache:tomcat:4.1.13:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.14
cpe:2.3:a:apache:tomcat:4.1.14:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.15
cpe:2.3:a:apache:tomcat:4.1.15:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.16
cpe:2.3:a:apache:tomcat:4.1.16:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.17
cpe:2.3:a:apache:tomcat:4.1.17:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.18
cpe:2.3:a:apache:tomcat:4.1.18:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.19
cpe:2.3:a:apache:tomcat:4.1.19:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.20
cpe:2.3:a:apache:tomcat:4.1.20:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.21
cpe:2.3:a:apache:tomcat:4.1.21:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.22
cpe:2.3:a:apache:tomcat:4.1.22:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.23
cpe:2.3:a:apache:tomcat:4.1.23:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.24
cpe:2.3:a:apache:tomcat:4.1.24:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.25
cpe:2.3:a:apache:tomcat:4.1.25:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.26
cpe:2.3:a:apache:tomcat:4.1.26:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.27
cpe:2.3:a:apache:tomcat:4.1.27:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.28
cpe:2.3:a:apache:tomcat:4.1.28:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.29
cpe:2.3:a:apache:tomcat:4.1.29:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.30
cpe:2.3:a:apache:tomcat:4.1.30:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.31
cpe:2.3:a:apache:tomcat:4.1.31:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.32
cpe:2.3:a:apache:tomcat:4.1.32:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.33
cpe:2.3:a:apache:tomcat:4.1.33:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.34
cpe:2.3:a:apache:tomcat:4.1.34:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.35
cpe:2.3:a:apache:tomcat:4.1.35:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.36
cpe:2.3:a:apache:tomcat:4.1.36:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>4.1.37
cpe:2.3:a:apache:tomcat:4.1.37:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.0
cpe:2.3:a:apache:tomcat:5.5.0:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.1
cpe:2.3:a:apache:tomcat:5.5.1:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.2
cpe:2.3:a:apache:tomcat:5.5.2:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.3
cpe:2.3:a:apache:tomcat:5.5.3:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.4
cpe:2.3:a:apache:tomcat:5.5.4:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.5
cpe:2.3:a:apache:tomcat:5.5.5:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.6
cpe:2.3:a:apache:tomcat:5.5.6:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.7
cpe:2.3:a:apache:tomcat:5.5.7:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.8
cpe:2.3:a:apache:tomcat:5.5.8:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>tomcat>>5.5.9
cpe:2.3:a:apache:tomcat:5.5.9:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Red Hat
Last Modified : 2009-03-17T00:00:00

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2009-0781 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/

References
HyperlinkSourceResource
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlsecalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=127420533226623&w=2secalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=129070310906557&w=2secalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=133469267822771&w=2secalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=136485229118404&w=2secalert@redhat.com
N/A
http://secunia.com/advisories/35685secalert@redhat.com
N/A
http://secunia.com/advisories/35788secalert@redhat.com
N/A
http://secunia.com/advisories/37460secalert@redhat.com
N/A
http://secunia.com/advisories/42368secalert@redhat.com
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1secalert@redhat.com
N/A
http://support.apple.com/kb/HT4077secalert@redhat.com
N/A
http://tomcat.apache.org/security-4.htmlsecalert@redhat.com
Vendor Advisory
http://tomcat.apache.org/security-5.htmlsecalert@redhat.com
Vendor Advisory
http://tomcat.apache.org/security-6.htmlsecalert@redhat.com
Vendor Advisory
http://www.debian.org/security/2011/dsa-2207secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138secalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/501538/100/0/threadedsecalert@redhat.com
N/A
http://www.securityfocus.com/archive/1/507985/100/0/threadedsecalert@redhat.com
N/A
http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlsecalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2009/1856secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2009/3316secalert@redhat.com
N/A
http://www.vupen.com/english/advisories/2010/3056secalert@redhat.com
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/49213secalert@redhat.com
N/A
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3Esecalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345secalert@redhat.com
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564secalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.htmlsecalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.htmlsecalert@redhat.com
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.htmlsecalert@redhat.com
N/A
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=127420533226623&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=129070310906557&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=133469267822771&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=136485229118404&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/35685af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/35788af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/37460af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/42368af854a3a-2127-422b-91ae-364da2661108
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT4077af854a3a-2127-422b-91ae-364da2661108
N/A
http://tomcat.apache.org/security-4.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://tomcat.apache.org/security-5.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://tomcat.apache.org/security-6.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2011/dsa-2207af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:136af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2009:138af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/501538/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/507985/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/1856af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2009/3316af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2010/3056af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/49213af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345af854a3a-2127-422b-91ae-364da2661108
N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=127420533226623&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=129070310906557&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133469267822771&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=136485229118404&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/35685
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/35788
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/37460
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/42368
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4077
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://tomcat.apache.org/security-4.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://tomcat.apache.org/security-5.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://tomcat.apache.org/security-6.html
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2011/dsa-2207
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/501538/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/507985/100/0/threaded
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1856
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/3316
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/3056
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/49213
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=127420533226623&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=129070310906557&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133469267822771&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=136485229118404&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/35685
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/35788
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/37460
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/42368
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT4077
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://tomcat.apache.org/security-4.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://tomcat.apache.org/security-5.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://tomcat.apache.org/security-6.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2011/dsa-2207
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:136
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2009:138
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/501538/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/507985/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1856
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/3316
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2010/3056
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/49213
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/06cfb634bc7bf37af7d8f760f118018746ad8efbd519c4b789ac9c2e%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/8dcaf7c3894d66cb717646ea1504ea6e300021c85bb4e677dc16b1aa%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r3aacc40356defc3f248aa504b1e48e819dd0471a0a83349080c6bcbf%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r584a714f141eff7b1c358d4679288177bd4ca4558e9999d15867d4b5%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3%40%3Cdev.tomcat.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11041
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19345
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6564
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

12395Records found
CVE-2017-9390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.51% / 66.56%
||
7 Day CHG~0.00%
Published-17 Jun, 2019 | 19:04
Updated-05 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script is "RedirectURL". However, the application lacks strict input validation of this parameter and this allows an attacker to execute the client-side code on this application.

Action-Not Available
Vendor-getveran/a
Product-veraliteveraedgeveraedge_firmwareveralite_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9356
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 43.41%
||
7 Day CHG~0.00%
Published-23 Jun, 2017 | 05:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI.

Action-Not Available
Vendor-n/aSitecore
Product-sitecore.netn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-35170
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.1||MEDIUM
EPSS-0.34% / 56.62%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 20:28
Updated-03 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data.

Action-Not Available
Vendor-SAP SE
Product-netweaver_enterprise_portalSAP NetWeaver Enterprise Portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9467
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.59% / 69.41%
||
7 Day CHG~0.00%
Published-02 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aPalo Alto Networks, Inc.
Product-pan-osn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-0763
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-3.64% / 88.00%
||
7 Day CHG~0.00%
Published-03 Mar, 2009 | 18:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 allows remote attackers to inject arbitrary web script or HTML via the charm parameter.

Action-Not Available
Vendor-bookelvesn/a
Product-kippern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9623
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 44.61%
||
7 Day CHG~0.00%
Published-14 Jun, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data.

Action-Not Available
Vendor-epesin/a
Product-epesin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11876
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 43.50%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 15:48
Updated-04 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In PrestaShop 1.7.5.2, the shop_country parameter in the install/index.php installation script/component is affected by Reflected XSS. Exploitation by a malicious actor requires the user to follow the initial stages of the setup (accepting terms and conditions) before executing the malicious link.

Action-Not Available
Vendor-n/aThe Drupal AssociationPrestaShop S.A
Product-prestashopdrupaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9668
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 44.85%
||
7 Day CHG~0.00%
Published-18 Jun, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action.

Action-Not Available
Vendor-n/aThe CMS Made Simple Foundation
Product-cms_made_simplen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9931
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.23%
||
7 Day CHG~0.00%
Published-21 Jul, 2017 | 06:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi.

Action-Not Available
Vendor-greenpacketn/a
Product-dx-350dx-350_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-4393
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.83% / 74.72%
||
7 Day CHG~0.00%
Published-07 Oct, 2008 | 18:27
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery Management System (DMS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to zodiac/servlet/zodiac.

Action-Not Available
Vendor-verisignn/a
Product-kontiki_delivery_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11449
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.23%
||
7 Day CHG~0.00%
Published-22 Apr, 2019 | 13:51
Updated-10 Dec, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

I, Librarian 4.10 has XSS via the notes.php notes parameter.

Action-Not Available
Vendor-scilicon/a
Product-i\,_librariann/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-1422
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-17.11% / 95.09%
||
7 Day CHG~0.00%
Published-29 Jan, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) jak_css, (5) jak_delete_log[], (6) jak_email, (7) jak_extfile, (8) jak_file, (9) jak_hookshow[], (10) jak_img, (11) jak_javascript, (12) jak_lcontent, (13) jak_name, (14) jak_password, (15) jak_showcontact, (16) jak_tags, (17) jak_title, (18) jak_url, (19) jak_username, (20) real_hook_id[], (21) sp, (22) sreal_plugin_id[], (23) ssp, or (24) sssp parameter to admin/index.php or the (25) editor, (26) field_id, (27) fldr, (28) lang, (29) popup, (30) subfolder, or (31) type parameter to js/editor/plugins/filemanager/dialog.php.

Action-Not Available
Vendor-jakwebn/a
Product-gecko_cmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-35225
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.1||MEDIUM
EPSS-0.34% / 56.62%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 20:28
Updated-03 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data.

Action-Not Available
Vendor-SAP SE
Product-netweaver_enterprise_portalSAP NetWeaver Enterprise Portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2003-0712
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-17.95% / 95.24%
||
7 Day CHG~0.00%
Published-17 Oct, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-8892
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 41.19%
||
7 Day CHG~0.00%
Published-10 May, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image.

Action-Not Available
Vendor-n/aOpen Text Corporation
Product-tempo_boxn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9288
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-2.84% / 86.41%
||
7 Day CHG~0.00%
Published-29 May, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).

Action-Not Available
Vendor-raygunn/a
Product-raygun4wpn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-2072
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 48.93%
||
7 Day CHG~0.00%
Published-27 Feb, 2015 | 15:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 (1.00.73.00.389160) and HANA Developer Edition 80 (1.00.80.00.391861) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) ide/core/plugins/editor/templates/trace/hanaTraceDetailService.xsjs or (2) xs/ide/editor/templates/trace/hanaTraceDetailService.xsjs, aka SAP Note 2069676.

Action-Not Available
Vendor-n/aSAP SE
Product-hanan/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9243
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 40.88%
||
7 Day CHG~0.00%
Published-28 May, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point.

Action-Not Available
Vendor-aries_networksn/a
Product-qwr-1104_wireless-n_router_firmwareqwr-1104_wireless-n_routern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-8896
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.38% / 59.54%
||
7 Day CHG~0.00%
Published-17 Jul, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.

Action-Not Available
Vendor-n/aownCloud GmbH
Product-owncloudn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11398
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-2.05% / 84.08%
||
7 Day CHG~0.00%
Published-08 May, 2019 | 17:36
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon.

Action-Not Available
Vendor-ulicmsn/a
Product-ulicmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9292
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.23%
||
7 Day CHG~0.00%
Published-29 May, 2017 | 17:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.

Action-Not Available
Vendor-lansweepern/a
Product-lansweepern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9764
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 44.87%
||
7 Day CHG~0.00%
Published-19 Jul, 2017 | 12:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.

Action-Not Available
Vendor-metinfon/a
Product-metinfon/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-35227
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 53.55%
||
7 Day CHG~0.00%
Published-12 Jul, 2022 | 20:28
Updated-03 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to stealing or modifying of authentication information of the user, such as data relating to his or her current session.

Action-Not Available
Vendor-SAP SE
Product-netweaver_enterprise_portalSAP NetWeaver Enterprise Portal (WPC)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9781
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.40% / 60.85%
||
7 Day CHG~0.00%
Published-21 Jun, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html.

Action-Not Available
Vendor-check_mk_projectn/a
Product-check_mkn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-2169
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-4.12% / 88.77%
||
7 Day CHG~0.00%
Published-24 Jun, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is scanned.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_assetexplorern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9061
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-3.31% / 87.41%
||
7 Day CHG~0.00%
Published-18 May, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.

Action-Not Available
Vendor-n/aDebian GNU/LinuxWordPress.org
Product-debian_linuxwordpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34879
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 45.18%
||
7 Day CHG~0.00%
Published-05 Jul, 2022 | 15:40
Updated-16 Sep, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple Cross Site Scripting (XSS) vulnerabilities at /vicidial/admin.php.

Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.

Action-Not Available
Vendor-vicidialVICIdial
Product-vicidialVICIdial
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9813
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-3.67% / 88.06%
||
7 Day CHG~0.00%
Published-17 Jul, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).

Action-Not Available
Vendor-n/aKaspersky Lab
Product-anti-virus_for_linux_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9783
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.34% / 56.54%
||
7 Day CHG~0.00%
Published-06 Mar, 2018 | 16:00
Updated-05 Aug, 2024 | 17:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated.

Action-Not Available
Vendor-projectsendn/a
Product-projectsendn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18531
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 45.65%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 15:48
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The raygun4wp plugin before 1.8.3 for WordPress has XSS in the settings, a different issue than CVE-2017-9288.

Action-Not Available
Vendor-raygunn/a
Product-raygun4wpn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2003-0801
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.31% / 54.23%
||
7 Day CHG~0.00%
Published-18 Sep, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Nokia Electronic Documentation (NED) 5.0 allows remote attackers to execute arbitrary web script and steal cookies via a URL to the docs/ directory that contains the script.

Action-Not Available
Vendor-n/aNokia Corporation
Product-electronic_documentationn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9523
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.13% / 31.57%
||
7 Day CHG~0.00%
Published-09 Jun, 2017 | 00:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342.

Action-Not Available
Vendor-n/aSophos Ltd.
Product-web_appliancen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18564
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.10% / 26.54%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 17:19
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sender plugin before 1.2.1 for WordPress has multiple XSS issues.

Action-Not Available
Vendor-n/aBestWebSoft
Product-sendern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2003-0624
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-3.46% / 87.69%
||
7 Day CHG~0.00%
Published-05 Nov, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.

Action-Not Available
Vendor-n/aBEA Systems, Inc.
Product-weblogic_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-8920
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 53.50%
||
7 Day CHG~0.00%
Published-06 Jun, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS.

Action-Not Available
Vendor-cgiircn/a
Product-cgi\n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9419
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 40.27%
||
7 Day CHG~0.00%
Published-15 Jun, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter.

Action-Not Available
Vendor-webhammern/a
Product-wp_custom_fields_searchn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9140
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-4.84% / 89.64%
||
7 Day CHG~0.00%
Published-22 May, 2017 | 04:54
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd.

Action-Not Available
Vendor-n/aProgress Software Corporation
Product-telerik_reportingsitefinity_cmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-3968
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 65.06%
||
7 Day CHG~0.00%
Published-10 Sep, 2008 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter.

Action-Not Available
Vendor-punbbn/a
Product-punbbn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34171
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-1.84% / 83.19%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:40
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability.

Action-Not Available
Vendor-Jenkins
Product-jenkinsJenkins
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-6453
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 45.15%
||
7 Day CHG~0.00%
Published-31 Dec, 2012 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the RSS Reader extension before 0.2.6 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a crafted feed.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-rssreadern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9621
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.40% / 60.78%
||
7 Day CHG~0.00%
Published-14 Jun, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter.

Action-Not Available
Vendor-epesin/a
Product-epesin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-2209
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.93%
||
7 Day CHG~0.00%
Published-14 May, 2008 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in admin/inc/header.php in Maian Greeting 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_script and (2) msg_script2 parameters.

Action-Not Available
Vendor-maianscriptworldn/a
Product-maian_greetingn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-10779
Matching Score-4
Assigner-Snyk
ShareView Details
Matching Score-4
Assigner-Snyk
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 52.68%
||
7 Day CHG~0.00%
Published-28 Jan, 2020 | 00:17
Updated-04 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

All versions of stroom:stroom-app before 5.5.12 and all versions of the 6.0.0 branch before 6.0.25 are affected by Cross-site Scripting. An attacker website is able to load the Stroom UI into a hidden iframe. Using that iframe, the attacker site can issue commands to the Stroom UI via an XSS vulnerability to take full control of the Stroom UI on behalf of the logged-in user.

Action-Not Available
Vendor-gchqn/a
Product-stroomstroom:stroom-app
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9032
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.24% / 79.49%
||
7 Day CHG~0.00%
Published-25 May, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) T1 or (2) tmLastConfigFileModifiedDate parameter to log_management.cgi.

Action-Not Available
Vendor-n/aTrend Micro Incorporated
Product-serverprotectn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9305
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.42% / 61.91%
||
7 Day CHG~0.00%
Published-31 May, 2017 | 03:54
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.

Action-Not Available
Vendor-tikin/a
Product-tikiwiki_cms\/groupwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9425
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 46.38%
||
7 Day CHG~0.00%
Published-26 Feb, 2018 | 04:00
Updated-05 Aug, 2024 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action.

Action-Not Available
Vendor-facetag_projectn/a
Product-facetagn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9306
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.66% / 71.34%
||
7 Day CHG~0.00%
Published-31 May, 2017 | 03:54
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.

Action-Not Available
Vendor-syspassn/a
Product-syspassn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-9244
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 44.87%
||
7 Day CHG~0.00%
Published-02 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a Card.

Action-Not Available
Vendor-trellon/a
Product-trellon/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-1010193
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
ShareView Details
Matching Score-4
Assigner-7556d962-6fb7-411e-85fa-6cd62f095ba8
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 47.23%
||
7 Day CHG~0.00%
Published-24 Jul, 2019 | 12:50
Updated-05 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hisiphp 1.0.8 is affected by: Cross Site Scripting (XSS).

Action-Not Available
Vendor-hisiphphisiphp
Product-hisiphphisiphp
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-34172
Matching Score-4
Assigner-Jenkins Project
ShareView Details
Matching Score-4
Assigner-Jenkins Project
CVSS Score-5.4||MEDIUM
EPSS-2.76% / 86.21%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 14:40
Updated-03 Aug, 2024 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability.

Action-Not Available
Vendor-Jenkins
Product-jenkinsJenkins
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • ...
  • 10
  • 11
  • 12
  • ...
  • 247
  • 248
  • Next
Details not found