Vulnerabilities (CVE)

Filtered by CWE-79
Total 44973 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-1361 1 Glarotech 1 Phpeppershop 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in shop/USER_ARTIKEL_HANDLING_AUFRUF.php in PHPepperShop 2.5 allows remote attackers to inject arbitrary web script or HTML via the darstellen parameter.
CVE-2010-1358 2 Drupal, Ron Jerome 2 Drupal, Bibliography 2026-06-16 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1357 1 Sbddirectorysoftware 1 Sbd Directory Software 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in editors/logindialogue.php in SBD Directory Software 4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2010-1355 1 Vsecurity 1 Tandberg Video Communication Server 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Reference ID 66316.
CVE-2010-1339 2 Robertotto, Woltlab 2 Teamsite Hack Plugin, Burning Board 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-1333 1 Almas 1 Compiere 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Almas Inc. Compiere J300_A02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1332 1 Prettybook 1 Prettyformmail 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1330 1 Jruby 1 Jruby 2026-06-16 4.3 MEDIUM N/A
The regular expression engine in JRuby before 1.4.1, when $KCODE is set to 'u', does not properly handle characters immediately after a UTF-8 character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string.
CVE-2010-1328 1 Tornadostore 1 Tornadostore 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.
CVE-2010-1303 2 Drupal, Jim Berry 2 Drupal, Taxonomy Filter 2026-06-16 2.1 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus.
CVE-2010-1293 1 Adobe 1 Coldfusion 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1276 1 Bbsxp 1 Bbsxp 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to (1) AddPost.asp, (2) AddTopic.asp, (3) Admin_Default.asp, (4) Bank.asp, (5) Manage.asp, and (6) ShowPost.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-1275 1 Bbsxp 1 Bbsxp 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 allows remote attackers to inject arbitrary web script or HTML via the ThreadID parameter.
CVE-2010-1274 1 Webtoolkit 1 Wt 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to "insertions of the URL" that occur during a redirection.
CVE-2010-1257 1 Microsoft 9 Internet Explorer, Office Infopath, Sharepoint Server and 6 more 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or HTML via vectors related to sanitization.
CVE-2010-1242 1 Ibm 1 Webi 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1236 2 Flock, Google 2 Flock, Chrome 2026-06-16 4.3 MEDIUM N/A
The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.
CVE-2010-1227 1 Sun 1 Java System Communications Express 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.
CVE-2010-1218 2 Mm Forum, Typo3 2 Mmforum, Typo3 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1197 1 Mozilla 2 Firefox, Seamonkey 2026-06-16 4.3 MEDIUM N/A
Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and SeaMonkey before 2.0.5, does not properly handle situations in which both "Content-Disposition: attachment" and "Content-Type: multipart" are present in HTTP headers, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an uploaded HTML document.