CWE-79 CVEs and Security Vulnerabilities

Export limit exceeded: 350373 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (45916 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2002-2362	1 Sourceforge	1 Mymarket	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter.
CVE-2003-1334	1 Kai Blankenhorn Bitfolge	1 Simple And Nice Index File	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge simple and nice index file (aka snif) before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2002-2255	1 Phpbb	1 Phpbb	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the search_username parameter in searchuser mode.
CVE-2006-0101	1 Sblog	1 Sblog	2026-04-16	N/A
Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php.
CVE-2004-2755	1 Symantec	1 Web Security	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages.
CVE-2006-3571	1 Papoo	1 Papoo	2026-04-16	N/A
Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titel or (2) ausgabe parameters.
CVE-2006-0779	1 Xmb Forum	1 Xmb	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag.
CVE-2005-0485	1 Phparena	1 Panews	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter.
CVE-2006-1750	1 Jmb Software	1 Autogallery	2026-04-16	N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote attackers to inject arbitrary web script or HTML via the (1) pic or (2) show parameters.
CVE-2006-0233	1 Microblog	1 Microblog	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag.
CVE-2006-2545	1 Xtreme Scripts	1 Xtreme Topsites	2026-04-16	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in stats.php and (2) unspecified inputs in lostid.php, probably the searchthis parameter. NOTE: one or more of these vectors might be resultant from SQL injection.
CVE-2003-1348	1 Ftls	1 Guestbook	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org Guestbook 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) name, or (3) title field.
CVE-2002-2418	1 Acfp Project	1 Acfreeproxy	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.33 beta 7 allows remote attackers to inject arbitrary web script or HTML via the URL, which is inserted into an error page.
CVE-2006-0938	1 Ez	1 Ez Publish	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter.
CVE-2003-1151	1 Fastream	1 Netfile Ftp Web Server	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6.0.3.588 allows remote attackers to inject arbitrary web script or HTML via the URL, which is displayed on a "404 Not Found" error page.
CVE-2005-3205	1 Oracle	1 Database Server	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table.
CVE-2003-1522	1 Pscs	1 Vpop3 Web Mail Server	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server 2.0e and 2.0f allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to the admin/index.html page.
CVE-2006-0603	1 Hinton Design	1 Phphg Guestbook	2026-04-16	N/A
Multiple cross-site scripting vulnerabilities in signed.php in Hinton Design phphg Guestbook 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) location, (2) website, or (3) message parameter.
CVE-2006-2800	1 Unak	1 Unak Cms	2026-04-16	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u_a or (2) u_s parameters. NOTE: this might be resultant from SQL injection.
CVE-2003-1519	1 Vivisimo	1 Clustering Engine	2026-04-16	N/A
Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program.

« first previous Page 461 of 2296. next last »