Vulnerabilities (CVE)

Filtered by CWE-79
Total 44858 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0997 1 E107 1 E107 2026-06-16 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.
CVE-2010-0979 1 Obsession-design 1 Image-gallery 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.
CVE-2010-0971 1 Atutor 1 Atutor 2026-06-16 2.1 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information.
CVE-2010-0963 1 Yuri D\'elia 1 Dl 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party information.
CVE-2010-0959 1 Ibm 1 Enovia Smarteam 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebEditor/Authentication/LoginPage.aspx in IBM ENOVIA SmarTeam 5 allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter.
CVE-2010-0949 1 Natychmiast-cms 1 Natychmiast-cms 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php.
CVE-2010-0947 1 Bbsmax 1 Bbsmax 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2010-0941 1 Web-site-development 1 Etek Systems Hit Counter 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php.
CVE-2010-0940 1 Sanusart 1 Simple Php Guestbook 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2010-0938 1 Todoomasters 1 Todoo Forum 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action.
CVE-2010-0936 1 D-link 1 Dkvm-ip8 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
CVE-2010-0927 1 Ibm 1 Lotus Domino 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920.
CVE-2010-0920 1 Ibm 2 Lotus Domino, Lotus Inotes 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
CVE-2010-0828 1 Moinmo 1 Moinmoin 2026-06-16 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.
CVE-2010-0817 1 Microsoft 2 Sharepoint Server, Sharepoint Services 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
CVE-2010-0804 1 Netartmedia 1 Iboutique 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter in a products action.
CVE-2010-0797 2 Snowflake, Typo3 2 T3blog, Typo3 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0784 1 Ibm 1 Websphere Application Server 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0783 1 Ibm 1 Websphere Application Server 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-0779 1 Ibm 1 Websphere Application Server 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.