Vulnerabilities (CVE)

Filtered by CWE-79
Total 44823 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-2480 1 Makotemplates 1 Mako 2026-06-16 4.3 MEDIUM N/A
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.
CVE-2010-2479 2 Htmlpurifier, Mahara 2 Htmlpurifier, Mahara 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2477 1 Pythonpaste 1 Paste 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound.
CVE-2010-2472 1 Drupal 1 Drupal 2026-06-16 3.5 LOW 4.8 MEDIUM
Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which could allow an attacker to perform a cross-site scripting (XSS) attack. This vulnerability is mitigated by the fact that an attacker must have a role with the 'administer languages' permission.
CVE-2010-2464 2 Joomla, Rsjoomla 2 Joomla\!, Com Rscomments 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php.
CVE-2010-2463 1 Jamroom 1 Jamroom 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action.
CVE-2010-2458 1 2daybiz 1 Video Community Portal Script 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter.
CVE-2010-2457 1 Qsoft-inc 1 K-search 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in K-Search allows remote attackers to inject arbitrary web script or HTML via the term parameter.
CVE-2010-2453 1 Synology 13 Disk Station Ds1010\+, Disk Station Ds109, Disk Station Ds110\+ and 10 more 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk Station 2.x before DSM3.0-1337 allow remote attackers to inject arbitrary web script or HTML by connecting to the FTP server and providing a crafted (1) USER or (2) PASS command, which is written by the FTP logging module to a web-interface log window, related to a "web commands injection" issue.
CVE-2010-2437 1 Anecms 1 Anecms Blog 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php.
CVE-2010-2433 1 Ibm 1 Websphere Ilog Jrules 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home.jsp in faces/.
CVE-2010-2429 2 Microsoft, Splunk 2 Internet Explorer, Splunk 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.
CVE-2010-2428 2 Microsoft, Wftpserver 2 Windows, Wing Ftp Server 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request.
CVE-2010-2422 1 Plone 1 Plone 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.
CVE-2010-2367 1 Norenz 1 Ad-edit2 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 before 3.0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2366 1 Futomi 1 Access Analyzer Cgi 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access Analyzer CGI Professional, and Standard 4.0.2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2365 1 Common1 1 Moobbs2 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2364 1 Common1 1 Moobbs 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2356 1 Pilotgroup 1 Elms Pro 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter.
CVE-2010-2355 1 Pilotgroup 1 Elms Pro 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in error.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.