Vulnerabilities (CVE)

Filtered by CWE-79
Total 44818 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3425 1 Smartertools 1 Smarterstats 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2010-3424 1 Invisioncommunity 1 Invision Power Board 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin/sources/classes/bbcode/custom/defaults.php in Invision Power Board (IP.Board) 3.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3421 1 Productcart 1 Productcart 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in ProductCart 3, 4.1 SP1, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the redirectUrl parameter, a different vector than CVE-2004-2174 and CVE-2005-0995. NOTE: some of these details are obtained from third party information.
CVE-2010-3420 1 Webassist 1 Powerstore 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Products_Results.php in PowerStore 3.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_WADAProducts parameter.
CVE-2010-3418 1 Netartmedia 1 Car Portal 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) car_id parameter to index.php and (2) y parameter to include/images.php.
CVE-2010-3324 1 Microsoft 6 Groove Server, Internet Explorer, Sharepoint Foundation and 3 more 2026-06-16 4.3 MEDIUM N/A
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
CVE-2010-3317 1 Ibm 1 Filenet Content Manager 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3314 1 Egroupware 1 Egroupware 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in login.php in EGroupware 1.4.001+.002; 1.6.001+.002 and possibly other versions before 1.6.003; and EPL 9.1 before 9.1.20100309 and 9.2 before 9.2.20100309; allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2010-3303 1 Mantisbt 1 Mantisbt 2026-06-16 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php.
CVE-2010-3294 1 Pecl-php 1 Alternative Php Cache 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in apc.php in the Alternative PHP Cache (APC) extension before 3.1.4 for PHP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3291 1 Hp 2 Assetcenter, Assetmanager 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x through AC_5.03, and AssetManager 5.1x through AM_5.12 and 5.2x through AM_5.22, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3289 1 Hp 1 Systems Insight Manager 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3274 1 Zohocorp 1 Manageengine Adselfservice Plus 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
CVE-2010-3266 1 Ifdefined 1 Bugtracker.net 2026-06-16 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. NOTE: some of these details are obtained from third party information.
CVE-2010-3263 1 Phpmyadmin 1 Phpmyadmin 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name.
CVE-2010-3262 1 Flock 1 Flock 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before 3.0.0.4114 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed.
CVE-2010-3243 1 Microsoft 8 Internet Explorer, Sharepoint Server, Sharepoint Services and 5 more 2026-06-16 4.3 MEDIUM 4.3 MEDIUM
Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
CVE-2010-3208 1 Wiccle 1 Wiccle Web Builder 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ajax.php in Wiccle Web Builder (WWB) 1.00 and 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the post_text parameter in a site custom_search action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2010-3202 1 Flock 1 Flock 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark.
CVE-2010-3201 1 Netwin 1 Surgemail 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program.