CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Related To CWE-79

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2016-1000155 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin wpsolr-search-engine v7.6
2 CVE-2016-1000154 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin whizz v1.0.7
3 CVE-2016-1000153 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin tidio-gallery v1.1
4 CVE-2016-1000152 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin tidio-form v1.0
5 CVE-2016-1000151 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin tera-charts v1.0
6 CVE-2016-1000150 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin simplified-content v1.0.0
7 CVE-2016-1000149 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin simpel-reserveren v3.5.2
8 CVE-2016-1000148 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin s3-video v0.983
9 CVE-2016-1000147 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin recipes-writer v1.0.4
10 CVE-2016-1000146 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin pondol-formmail v1.1
11 CVE-2016-1000145 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin pondol-carousel v1.0
12 CVE-2016-1000144 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin photoxhibit v2.1.8
13 CVE-2016-1000143 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin photoxhibit v2.1.8
14 CVE-2016-1000142 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin parsi-font v4.2.5
15 CVE-2016-1000141 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin page-layout-builder v1.9.3
16 CVE-2016-1000140 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin new-year-firework v1.1.9
17 CVE-2016-1000139 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin infusionsoft v1.5.11
18 CVE-2016-1000138 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin indexisto v1.0.5
19 CVE-2016-1000137 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin hero-maps-pro v2.1.0
20 CVE-2016-1000136 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin heat-trackr v1.0
21 CVE-2016-1000135 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin hdw-tube v1.2
22 CVE-2016-1000134 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin hdw-tube v1.2
23 CVE-2016-1000133 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
24 CVE-2016-1000132 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
25 CVE-2016-1000131 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin e-search v1.0
26 CVE-2016-1000130 79 XSS 2016-10-10 2016-10-12
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin e-search v1.0
27 CVE-2016-1000129 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin defa-online-image-protector v3.3
28 CVE-2016-1000128 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin anti-plagiarism v3.60
29 CVE-2016-1000127 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin ajax-random-post v2.00
30 CVE-2016-1000126 79 XSS 2016-10-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Reflected XSS in wordpress plugin admin-font-editor v1.8
31 CVE-2016-1000121 79 XSS 2016-10-27 2016-11-28
3.5
None Remote Medium Single system None Partial None
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
32 CVE-2016-1000119 79 XSS 2016-10-21 2016-11-28
6.5
None Remote Low Single system Partial Partial Partial
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
33 CVE-2016-1000118 79 XSS 2016-10-21 2016-11-28
6.5
None Remote Low Single system Partial Partial Partial
XSS & SQLi in HugeIT slideshow v1.0.4
34 CVE-2016-1000117 79 XSS 2016-10-21 2016-11-28
6.5
None Remote Low Single system Partial Partial Partial
XSS & SQLi in HugeIT slideshow v1.0.4
35 CVE-2016-1000116 79 Sql XSS 2016-10-21 2016-11-28
6.5
None Remote Low Single system Partial Partial Partial
Huge-IT Portfolio Gallery manager v1.1.5 SQL Injection and XSS
36 CVE-2016-1000115 79 Sql XSS 2016-10-21 2016-11-28
6.5
None Remote Low Single system Partial Partial Partial
Huge-IT Portfolio Gallery manager v1.1.5 SQL Injection and XSS
37 CVE-2016-1000114 79 XSS 2016-10-06 2016-11-28
4.3
None Remote Medium Not required None Partial None
XSS in huge IT gallery v1.1.5 for Joomla
38 CVE-2016-1000007 79 XSS 2016-10-07 2016-11-07
4.3
None Remote Medium Not required None Partial None
Pagure 2.2.1 XSS in raw file endpoint
39 CVE-2016-9751 79 XSS 2016-12-01 2016-12-01
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
40 CVE-2016-9188 79 XSS 2016-11-04 2016-11-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters.
41 CVE-2016-8583 79 XSS 2016-10-28 2016-11-28
4.3
None Remote Medium Not required None Partial None
Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS.
42 CVE-2016-8581 79 XSS 2016-10-28 2016-11-28
4.3
None Remote Medium Not required None Partial None
A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.
43 CVE-2016-8506 79 XSS 2016-10-26 2016-12-02
4.3
None Remote Medium Not required None Partial None
XSS in Yandex Browser Translator in Yandex Browser for desktop, versions 15.12 to 16.2, could be used by a remote attacker to evaluate arbitrary JavaScript code.
44 CVE-2016-8505 79 XSS 2016-10-26 2016-12-02
4.3
None Remote Medium Not required None Partial None
XSS in Yandex Browser BookReader in Yandex Browser for desktop, versions before 16.6, could be used by a remote attacker to evaluate arbitrary JavaScript code.
45 CVE-2016-7851 79 XSS 2016-11-08 2016-11-28
4.3
None Remote Medium Not required None Partial None
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.
46 CVE-2016-7571 79 XSS 2016-10-03 2016-10-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.
47 CVE-2016-7419 79 XSS 2016-09-17 2016-11-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.
48 CVE-2016-7251 79 XSS 2016-11-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."
49 CVE-2016-7239 79 XSS +Info 2016-11-10 2016-11-28
2.6
None Remote High Not required Partial None None
The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
50 CVE-2016-7148 79 XSS 2016-11-10 2016-11-28
4.3
None Remote Medium Not required None Partial None
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.