Vulnerabilities (CVE)

Filtered by CWE-79
Total 44849 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-1137 1 Vmware 3 Esx Server, Server, Virtualcenter 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.
CVE-2010-1113 1 Comscripts 1 Web Server Creator Web Portal 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php.
CVE-2010-1112 1 Tristan Barczyk 1 Klonews 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2010-1111 1 Easysitenetwork 1 Jokes Complete Website 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php.
CVE-2010-1108 2 Drupal, Hashmarkconsulting 2 Drupal, Controlpanel 2026-06-16 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1107 2 Drupal, Fourkitchens 2 Drupal, Recent Comments 2026-06-16 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."
CVE-2010-1105 1 Advertisementmanager 1 Advertisementmanager 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in cgi/index.php in AdvertisementManager 3.1.0 and 3.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter.
CVE-2010-1104 1 Zope 1 Zope 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
CVE-2010-1095 1 Jan Schutze 1 Truc 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-1091 1 Phpmysite 1 Phpmysite 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters.
CVE-2010-1080 1 Pulsecms 1 Pulse Cms 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter.
CVE-2010-1079 1 Sawmill 1 Sawmill 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1076 1 Entrylevelcms 1 El Cms 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-1074 2 2bits, Drupal 2 Currency, Drupal 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Currency Exchange module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to watchdog logging.
CVE-2010-1072 1 Sniggabo 1 Sniggabo Cms 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS 2.21 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2010-1068 1 Netwin 1 Surgeftp 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action.
CVE-2010-1052 1 Alexandre Dubus 1 Audistat 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) mday parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-1048 1 Uiga 1 Business Portal 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Business Portal allows remote attackers to inject arbitrary web script or HTML via the textcomment parameter (aka the Comment Box) in a noentryid action. NOTE: some of these details are obtained from third party information.
CVE-2010-1036 1 Hp 1 Systems Insight Manager 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HP System Insight Manager before 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1025 2 Chris Wederka, Typo3 2 Tgm Newsletter, Typo3 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.