Vulnerabilities (CVE)

Filtered by CWE-79
Total 44813 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4631 1 Pilotcart 1 Pilot Cart 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow.
CVE-2010-4630 2 Fubra, Wordpress 2 Wp-survey-and-quiz-tool, Wordpress 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2010-4618 2 Algisinfo, Joomla 2 Aicontactsafe, Joomla\! 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSafe component before 2.0.14 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4616 1 Impresscms 1 Impresscms 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in modules/content/admin/content.php in ImpressCMS 1.2.3 Final, and possibly other versions before 1.2.4, allows remote attackers to inject arbitrary web script or HTML via the quicksearch_ContentContent parameter.
CVE-2010-4610 1 Html-edit 1 Html-edit Cms 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2010-4607 1 Habariproject 1 Habari 2026-06-16 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.
CVE-2010-4590 1 Ibm 1 Lotus Mobile Connect 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4589 1 Ibm 1 Enovia 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the emxFramework.FilterParameterPattern property.
CVE-2010-4570 1 Mozilla 1 Bugzilla 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the duplicate-detection functionality in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the summary field, related to the DataTable widget in YUI.
CVE-2010-4569 1 Mozilla 1 Bugzilla 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, 3.7.3, and 4.0rc1 allows remote attackers to inject arbitrary web script or HTML via the real name field of a user account, related to the AutoComplete widget in YUI.
CVE-2010-4567 1 Mozilla 1 Bugzilla 2026-06-16 4.3 MEDIUM N/A
Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 does not properly handle whitespace preceding a (1) javascript: or (2) data: URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the URL (aka bug_file_loc) field.
CVE-2010-4555 1 Squirrelmail 1 Squirrelmail 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) drop-down selection lists, (2) the > (greater than) character in the SquirrelSpell spellchecking plugin, and (3) errors associated with the Index Order (aka options_order) page.
CVE-2010-4544 1 Ibm 1 Lotus Notes Traveler 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4536 1 Wordpress 1 Wordpress 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the & (ampersand) character, (2) the case of an attribute name, (3) a padded entity, and (4) an entity that is not in normalized form.
CVE-2010-4524 1 Mhonarc 1 Mhonarc 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences.
CVE-2010-4522 1 Mybb 1 Mybb 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php.
CVE-2010-4521 2 Drupal, Earl Miles 2 Drupal, Views 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path.
CVE-2010-4520 2 Drupal, Earl Miles 2 Drupal, Views 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title.
CVE-2010-4518 2 Wobeo, Wordpress 2 Wp-safe-search, Wordpress 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter.
CVE-2010-4516 2 Joomla, Jxtended 2 Joomla\!, Jxtended Comments 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the JXtended Comments component before 1.3.1 for Joomla allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.