Vulnerabilities (CVE)

Filtered by CWE-79
Total 44813 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-4324 1 Novell 2 Identity Manager, Identity Manager Roles Based Provisioning Module 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Approval Form in the User Application in the Roles Based Provisioning Module 3.7.0 before 370D in Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4322 1 Novell 1 Vibe Onprem 2026-06-16 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell Vibe OnPrem 3 BETA allows remote authenticated users to inject arbitrary web script or HTML via the Micro Blog (aka What Are You Working On?) field.
CVE-2010-4277 2 Jovelstefan, Wordpress 2 Embedded-video, Wordpress 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in lembedded-video.php in the Embedded Video plugin 4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the content parameter to wp-admin/post.php.
CVE-2010-4276 1 Livezilla 1 Livezilla 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php.
CVE-2010-4275 1 Dmasoftlab 1 Radius Manager 2026-06-16 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) name or (2) descr parameter in an (a) update_usergroup or a (b) store_nas action to admin.php.
CVE-2010-4264 1 Vanillaforums 1 Vanilla Forums 2026-06-16 4.3 MEDIUM 6.1 MEDIUM
It was found in vanilla forums before 2.0.10 a cross-site scripting vulnerability where a filename could contain arbitrary code to execute on the client side.
CVE-2010-4246 1 Bsdperimeter 1 Pfsense 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in graph.php in pfSense 1.2.3 and 2 beta 4 allow remote attackers to inject arbitrary web script or HTML via the (1) ifnum or (2) ifname parameter, a different vulnerability than CVE-2008-1182.
CVE-2010-4245 1 Translatehouse 1 Pootle 2026-06-16 4.3 MEDIUM 6.1 MEDIUM
pootle 2.0.5 has XSS via 'match_names' parameter
CVE-2010-4240 1 Tiki 1 Tikiwiki Cms\/groupware 2026-06-16 4.3 MEDIUM 6.1 MEDIUM
Tiki Wiki CMS Groupware 5.2 has XSS
CVE-2010-4220 1 Ibm 1 Websphere Application Server 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."
CVE-2010-4219 1 Ibm 1 Websphere Portal 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.
CVE-2010-4209 2 Mozilla, Yahoo 2 Bugzilla, Yui 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf.
CVE-2010-4208 3 Moodle, Mozilla, Yahoo 3 Moodle, Bugzilla, Yui 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf.
CVE-2010-4207 3 Moodle, Mozilla, Yahoo 3 Moodle, Bugzilla, Yui 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf.
CVE-2010-4183 2 Htmlpurifier, Microsoft 2 Htmlpurifier, Internet Explorer 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479.
CVE-2010-4172 1 Apache 1 Tomcat 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications.
CVE-2010-4155 1 Exv2 1 Exv2 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to (2) modules/news/archive.php, (3) modules/news/topics.php, and (4) modules/contact/index.php, different vectors than CVE-2007-1965.
CVE-2010-4146 1 Attachmate 1 Reflection For The Web 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4120 1 Ibm 1 Tivoli Access Manager For E-business 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
CVE-2010-4114 2 Hp, Microsoft 2 Discovery\&dependency Mapping Inventory, Windows 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.6x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.