Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 44637 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-5260 1 Sap 1 Netweaver 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2011-5258 1 Orangehrm 1 Orangehrm 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM before 2.6.11.2 allow remote attackers to inject arbitrary web script or HTML via the (1) uniqcode or (2) isAdmin parameter to index.php; or the (3) PATH_INFO to lib/controllers/centralcontroller.php.
CVE-2011-5257 2 Appthemes, Wordpress 2 Classipress, Wordpress 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Classipress theme before 3.1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) twitter_id parameter related to the Twitter widget and (2) facebook_id parameter related to the Facebook widget.
CVE-2011-5256 1 Limesurvey 1 Limesurvey 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey before 1.91+ Build 11379-20111116, when viewing survey results, allows remote attackers to inject arbitrary web script or HTML via unknown parameters.
CVE-2011-5255 1 X3cms 1 X3 Cms 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/login in X3 CMS 0.4.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) username, or (3) password parameter.
CVE-2011-5249 1 Intersectalliance 1 System Intrusion Analysis And Reporting Environment 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the events page in the System iNtrusion Analysis and Reporting Environment (SNARE) for Linux agent before 1.7.0 allows remote attackers to inject arbitrary web script or HTML via a logged shell command.
CVE-2011-5228 1 Apprain 1 Apprain 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter.
CVE-2011-5225 2 Trioniclabs, Wordpress 2 Sentinel, Wordpress 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2011-5223 1 Cacti 1 Cacti 2026-06-16 4.3 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2011-5221 1 Websvn 1 Websvn 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php.
CVE-2011-5220 1 Cristopher Shi 1 Php-scms 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php.
CVE-2011-5214 1 Browsercrm 1 Browsercrm 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) modules/admin/admin_module_index.php, or (3) modules/calendar/customise_calendar_times.php; login[] parameter to (4) index.php or (5) pub/clients.php; or framed parameter to (6) licence/index.php or (7) licence/view.php.
CVE-2011-5211 1 Intelliants 1 Subrion Cms 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452.
CVE-2011-5209 1 Cloneforest 1 Graphicsclone Script 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter.
CVE-2011-5207 2 Thecartpress, Wordpress 2 Thecartpress, Wordpress 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.
CVE-2011-5206 1 Rapidleech 1 Rapidleech 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech before 2.3 rev42 SVN r399 allows remote attackers to inject arbitrary web script or HTML via the notes parameter.
CVE-2011-5205 1 Rapidleech 1 Rapidleech 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 rev42 SVN r358, rev43 SVN r397, and earlier allows remote attackers to inject arbitrary web script or HTML via the links parameter.
CVE-2011-5199 1 Steveyolam 1 Tinyguestbook 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in sign.php in tinyguestbook allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2011-5194 2 Phpace, Wordpress 2 Samswhois, Wordpress 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin before 1.4.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the domain parameter, a different vulnerability than CVE-2011-5193.
CVE-2011-5193 2 Phpace, Wordpress 2 Samswhois, Wordpress 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194.