Vulnerabilities (CVE)

Filtered by CWE-79
Total 44813 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4762 1 Otrs 1 Otrs 2026-06-16 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the rich-text-editor component in Open Ticket Request System (OTRS) before 3.0.0-beta2 allows remote authenticated users to inject arbitrary web script or HTML by using the "source code" feature in the customer interface.
CVE-2010-4757 1 E107 1 E107 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in submitnews.php in e107 before 0.7.23 allows remote attackers to inject arbitrary web script or HTML via the submitnews_title parameter, a different vector than CVE-2008-6208. NOTE: some of these details are obtained from third party information. NOTE: this might be the same as CVE-2009-4083.1 or CVE-2011-0457.
CVE-2010-4753 1 Lightneasy 1 Lightneasy 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message.
CVE-2010-4749 1 Blogcms 1 Blog\ 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1.e, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) body parameter to action.php and the (2) amount and (3) action parameters to admin/index.php.
CVE-2010-4748 1 Pmwiki 1 Pmwiki 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki 2.2.20 allows remote attackers to inject arbitrary web script or HTML via the from parameter to Main/WikiSandbox. NOTE: some of these details are obtained from third party information.
CVE-2010-4747 2 Ahmattox, Wordpress 2 Processing Embed Plugin, Wordpress 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in wordpress-processing-embed/data/popup.php in the Processing Embed plugin 0.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pluginurl parameter.
CVE-2010-4745 1 Gareth Watts 1 Phpxref 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2010-4734 1 Amix 1 Skeletonz Cms 1.0 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information.
CVE-2010-4718 2 Joomla, Lyften 2 Joomla\!, Com Lyftenbloggie 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Lyftenbloggie (com_lyftenbloggie) component 1.1.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) tag and (2) category parameters to index.php.
CVE-2010-4716 1 Novell 1 Groupwise 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the WebPublisher component in Novell GroupWise before 8.02HP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4710 1 Yahoo 1 Yui 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570.
CVE-2010-4693 1 Coppermine-gallery 1 Coppermine Photo Gallery 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Coppermine Photo Gallery 1.5.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) h and (2) t parameters to help.php, or (3) picfile_XXX parameter to searchnew.php.
CVE-2010-4667 1 Coppermine-gallery 1 Coppermine Photo Gallery 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery (CPG) before 1.4.27 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4662 1 Pmwiki 1 Pmwiki 2026-06-16 4.3 MEDIUM 6.1 MEDIUM
PmWiki before 2.2.21 has XSS.
CVE-2010-4659 1 Status 1 Statusnet 2026-06-16 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in statusnet through 2010 in error message contents.
CVE-2010-4647 1 Eclipse 1 Eclipse Ide 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp.
CVE-2010-4646 1 Hastymail 1 Hastymail2 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter.
CVE-2010-4642 1 Xwiki 1 Xwiki 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in XWiki Enterprise before 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4640 1 Xwiki 1 Xwiki Watch 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 allow remote attackers to inject arbitrary web script or HTML via the rev parameter to (1) bin/viewrev/Main/WebHome and (2) bin/view/Blog, and the (3) register_first_name and (4) register_last_name parameters to bin/register/XWiki/Register. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-4637 2 Finalcut, Wordpress 2 Feedlist, Wordpress 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.