Vulnerabilities (CVE)

Filtered by CWE-79
Total 44973 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0726 1 Tdiary 1 Tdiary 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt parameters.
CVE-2010-0725 1 Mhd Zaher Ghaibeh 1 Arab Cart 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2010-0716 1 Microsoft 1 Sharepoint Server 2026-06-16 3.5 LOW N/A
_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
CVE-2010-0714 1 Ibm 4 Lotus Quickr, Lotus Web Content Management, Lotus Workplace Web Content Management and 1 more 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2010-0706 1 Subexworld 1 Nikira Fraud Management System 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the login/prompt component in Subex Nikira Fraud Management System allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2010-0704 1 Ibm 1 Websphere Portal 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field.
CVE-2010-0703 1 Portwise 1 Ssl Vpn 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter.
CVE-2010-0700 1 Wampserver 1 Wampserver 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2010-0699 1 Videosearchscript 1 Videosearchscript Pro 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2010-0697 2 Drupal, Ilya Ivanchenko 2 Drupal, Itweak Upload 2026-06-16 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.
CVE-2010-0695 1 Basic-cms 1 Basic-cms 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-CMS allows remote attackers to inject arbitrary web script or HTML via the nav_id parameter.
CVE-2010-0684 1 Apache 1 Activemq 2026-06-16 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
CVE-2010-0675 1 Bgsvetionik 1 Bgs Cms 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action. NOTE: some of these details are obtained from third party information.
CVE-2010-0641 1 Cisco 1 Collaboration Server 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
CVE-2010-0640 1 Ca 1 Ehealth Performance Manager 2026-06-16 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request.
CVE-2010-0636 1 K5n 1 Webcalendar 2026-06-16 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web script or HTML via the (1) tab parameter to users.php and the PATH_INFO to (2) day.php, (3) month.php, and (4) week.php. NOTE: some of these details are obtained from third party information.
CVE-2010-0617 1 Myshell 1 Evalsmsi 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the return parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-0615 1 Myshell 1 Evalsmsi 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in assess.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the reports comment box in a continue_assess action. NOTE: some of these details are obtained from third party information.
CVE-2010-0607 1 Sterlitetechnologies 1 Sam300 Ax Router 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 in the Sterlite SAM300 AX Router allows remote attackers to inject arbitrary web script or HTML via the Stat_Radio parameter.
CVE-2010-0594 1 Cisco 1 Router And Security Device Manager 2026-06-16 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467.