CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Related To CWE-79

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-1002017 79 XSS 2017-09-14 2017-09-21
4.3
None Remote Medium Not required None Partial None
Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability.
2 CVE-2017-1002011 79 XSS 2017-09-14 2017-09-20
3.5
None Remote Medium Single system None Partial None
Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database.
3 CVE-2017-1000109 79 XSS 2017-10-04 2017-10-19
4.3
None Remote Medium Not required None Partial None
The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin, was vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.
4 CVE-2017-1000078 79 XSS 2017-07-17 2017-07-19
4.3
None Remote Medium Not required None Partial None
Linux foundation ONOS 1.9 is vulnerable to XSS in the device registration
5 CVE-2017-1000065 79 XSS 2017-07-17 2017-07-21
4.3
None Remote Medium Not required None Partial None
Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights Management(Users) functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser.
6 CVE-2017-1000063 79 XSS 2017-07-17 2017-07-19
4.3
None Remote Medium Not required None Partial None
kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure
7 CVE-2017-1000059 79 Exec Code XSS 2017-07-17 2017-07-20
4.3
None Remote Medium Not required None Partial None
Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users.
8 CVE-2017-1000058 79 XSS 2017-07-17 2017-07-20
4.3
None Remote Medium Not required None Partial None
Stored XSS in chevereto CMS before version 3.8.11
9 CVE-2017-1000057 79 XSS 2017-07-17 2017-07-21
4.3
None Remote Medium Not required None Partial None
A reflected cross-site scripting vulnerability in GetSimple CMS version 3.3.13 and earlier, allow remote attackers to inject arbitrary JavaScript in the URL-field for the administrative login page (/admin/index.php).
10 CVE-2017-1000054 79 XSS 2017-07-17 2017-07-19
4.3
None Remote Medium Not required None Partial None
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.
11 CVE-2017-1000051 79 XSS 2017-07-17 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in pad export in XWiki labs CryptPad before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the pad content
12 CVE-2017-1000049 79 XSS 2017-07-17 2017-07-19
4.3
None Remote Medium Not required None Partial None
Roundcube Webmail 1.1.5 is vulnerable to Persistent Xss
13 CVE-2017-1000043 79 XSS 2017-07-17 2017-07-20
4.3
None Remote Medium Not required None Partial None
Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON name and map share control
14 CVE-2017-1000042 79 XSS 2017-07-17 2017-07-20
4.3
None Remote Medium Not required None Partial None
Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable to a cross-site-scripting attack in certain uncommon usage scenarios via TileJSON Name.
15 CVE-2017-1000038 79 XSS 2017-07-17 2017-07-20
4.3
None Remote Medium Not required None Partial None
WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site
16 CVE-2017-1000036 79 Exec Code XSS 2017-07-17 2017-07-20
4.3
None Remote Medium Not required None Partial None
All versions of Candy Chat are vulnerable to an XSS attack by message senders, permitting remote code execution within the page
17 CVE-2017-1000035 79 XSS 2017-07-17 2017-10-06
4.3
None Remote Medium Not required None Partial None
Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack
18 CVE-2017-1000033 79 Exec Code XSS 2017-07-17 2017-07-21
4.3
None Remote Medium Not required None Partial None
Wordpress Plugin Vospari Forms version < 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user.
19 CVE-2017-1000032 79 XSS 2017-07-17 2017-07-19
4.3
None Remote Medium Not required None Partial None
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.
20 CVE-2017-1000023 79 XSS 2017-07-17 2017-07-20
4.3
None Remote Medium Not required None Partial None
LogicalDoc CommunityEdition 7.5.3 and prior is vulnerable to an XSS when using preview on HTML document
21 CVE-2017-1000015 79 XSS 2017-07-17 2017-07-19
4.3
None Remote Medium Not required None Partial None
phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack through crafted cookie parameters
22 CVE-2017-1000012 79 XSS 2017-07-17 2017-08-15
4.3
None Remote Medium Not required None Partial None
MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying the data in the database to the user
23 CVE-2017-1000011 79 XSS 2017-07-17 2017-07-20
4.3
None Remote Medium Not required None Partial None
MyWebSQL version 3.6 is vulnerable to stored XSS in the database manager component resulting in account takeover or stealing of information
24 CVE-2017-1000006 79 XSS 2017-07-17 2017-07-27
4.3
None Remote Medium Not required None Partial None
Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an XSS issue.
25 CVE-2017-1000005 79 XSS 2017-07-17 2017-07-21
4.3
None Remote Medium Not required None Partial None
PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the name of databases, tables and columns resulting in potential account takeover and scraping of data (stealing data).
26 CVE-2017-15194 79 XSS 2017-10-10 2017-10-20
4.3
None Remote Medium Not required None Partial None
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
27 CVE-2017-15009 79 XSS 2017-10-03 2017-10-12
4.3
None Remote Medium Not required None Partial None
PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter.
28 CVE-2017-15008 79 XSS 2017-10-03 2017-10-12
3.5
None Remote Medium Single system None Partial None
PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all sensor titles, related to incorrect error handling for a %00 in the SRC attribute of an IMG element.
29 CVE-2017-14985 79 XSS 2017-10-02 2017-10-10
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php.
30 CVE-2017-14984 79 XSS 2017-10-02 2017-10-10
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php.
31 CVE-2017-14983 79 XSS 2017-10-02 2017-10-10
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php.
32 CVE-2017-14981 79 XSS 2017-10-02 2017-10-11
3.5
None Remote Medium Single system None Partial None
Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data (url in /mods/_standard/rss_feeds/edit_feed.php). An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website.
33 CVE-2017-14957 79 XSS 2017-10-01 2017-10-06
4.3
None Remote Medium Not required None Partial None
Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for example) change global settings or create/delete posts. It is also possible to execute JavaScript against unauthenticated users of the blog.
34 CVE-2017-14923 79 XSS 2017-09-29 2017-10-05
3.5
None Remote Medium Single system None Partial None
Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
35 CVE-2017-14922 79 XSS 2017-09-29 2017-10-05
3.5
None Remote Medium Single system None Partial None
Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
36 CVE-2017-14921 79 XSS 2017-09-29 2017-10-05
3.5
None Remote Medium Single system None Partial None
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
37 CVE-2017-14920 79 XSS 2017-09-29 2017-10-05
4.3
None Remote Medium Not required None Partial None
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
38 CVE-2017-14765 79 XSS 2017-09-27 2017-09-29
4.3
None Remote Medium Not required None Partial None
In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request.
39 CVE-2017-14762 79 XSS 2017-09-27 2017-09-29
4.3
None Remote Medium Not required None Partial None
In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS via the id parameter.
40 CVE-2017-14761 79 XSS 2017-09-27 2017-09-29
4.3
None Remote Medium Not required None Partial None
In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the id parameter.
41 CVE-2017-14756 79 XSS 2017-10-02 2017-10-11
4.3
None Remote Medium Not required None Partial None
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (cat_id).
42 CVE-2017-14755 79 XSS 2017-10-02 2017-10-11
4.3
None Remote Medium Not required None Partial None
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, parameter: categoryId.
43 CVE-2017-14753 79 XSS 2017-09-26 2017-10-06
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.
44 CVE-2017-14751 79 XSS 2017-09-26 2017-10-06
4.3
None Remote Medium Not required None Partial None
The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.
45 CVE-2017-14744 79 XSS 2017-09-26 2017-10-06
4.3
None Remote Medium Not required None Partial None
UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.
46 CVE-2017-14735 79 XSS 2017-09-25 2017-10-06
4.3
None Remote Medium Not required None Partial None
OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of &colon; to construct a javascript: URL.
47 CVE-2017-14726 79 XSS 2017-09-23 2017-10-15
4.3
None Remote Medium Not required None Partial None
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
48 CVE-2017-14724 79 XSS 2017-09-23 2017-10-15
4.3
None Remote Medium Not required None Partial None
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
49 CVE-2017-14721 79 XSS 2017-09-23 2017-10-15
4.3
None Remote Medium Not required None Partial None
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.
50 CVE-2017-14720 79 XSS 2017-09-23 2017-10-15
4.3
None Remote Medium Not required None Partial None
Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.