CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2010(Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-3602 79 3 XSS 2010-09-24 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in ProfileView.aspx in mojoPortal 2.3.4.3 and 2.3.5.1 allows remote attackers to inject arbitrary web script or HTML via the User ID parameter. NOTE: some of these details are obtained from third party information.
2 CVE-2010-4631 79 2 XSS 2010-12-30 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) countrycode parameter to contact.asp, USERNAME parameter to (2) gateway.asp and (3) cart.asp, and the specific parameter to (4) quote.asp and (5) buyitnow.
3 CVE-2010-3483 264 2 +Priv XSS 2010-09-22 2010-09-23
7.5
None Remote Low Not required Partial Partial Partial
cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters.
4 CVE-2010-3457 79 2 XSS 2010-09-17 2020-08-25
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.
5 CVE-2010-2917 79 2 XSS 2010-07-30 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information.
6 CVE-2010-2846 79 2 XSS 2010-07-25 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php.
7 CVE-2010-2675 79 2 XSS 2010-07-08 2010-07-16
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an articolo action.
8 CVE-2010-2613 79 2 XSS 2010-07-02 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, which is not properly handled in a view action to index.php.
9 CVE-2010-2464 79 2 XSS 2010-06-25 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php.
10 CVE-2010-2458 79 2 XSS 2010-06-25 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter.
11 CVE-2010-2356 79 2 XSS 2010-06-21 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter.
12 CVE-2010-2260 79 2 XSS 2010-06-09 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design Bandwidth Meter, 0.72 and possibly 1.2, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) view_by_name.php or (2) view_by_ip.php in admin/. NOTE: some sources report that the affected product is ShaPlus Bandwidth Meter, but this is incorrect.
13 CVE-2010-2256 79 2 XSS 2010-06-09 2010-06-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/memberviewdetails.php and the (2) model parameter to videos.php.
14 CVE-2010-2144 79 2 XSS 2010-06-03 2010-06-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.
15 CVE-2010-1742 79 2 XSS 2010-05-06 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter.
16 CVE-2010-1711 79 2 XSS 2010-05-04 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the usuario parameter.
17 CVE-2010-1703 79 2 XSS 2010-05-04 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or (2) search field.
18 CVE-2010-1662 79 2 XSS 2010-05-03 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in acpmoderate.php in PHP-Quick-Arcade (PHPQA) 3.0.21 allows remote attackers to inject arbitrary web script or HTML via the serv parameter.
19 CVE-2010-1606 79 2 XSS 2010-04-29 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal Script allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) Keywords, (3) Tags, or (4) Desired City field.
20 CVE-2010-1497 79 2 XSS 2010-04-23 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in download_proc.php in dl_stats before 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
21 CVE-2010-1357 79 2 XSS 2010-04-13 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in editors/logindialogue.php in SBD Directory Software 4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
22 CVE-2010-1091 79 2 XSS 2010-03-24 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in contact.php in phpMySite allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) city, (3) email, (4) state, and (5) message parameters.
23 CVE-2010-1072 79 2 XSS 2010-03-23 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS 2.21 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
24 CVE-2010-1068 79 2 XSS 2010-03-23 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi in NetWin SurgeFTP 2.3a6 allow remote attackers to inject arbitrary web script or HTML via the (1) domainid or (2) classid parameter in a class action.
25 CVE-2010-0971 79 2 XSS 2010-03-16 2017-08-17
2.1
None Remote High ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 allow remote authenticated users, with Instructor privileges, to inject arbitrary web script or HTML via the (1) Question and (2) Choice fields in tools/polls/add.php, the (3) Type and (4) Title fields in tools/groups/create_manual.php, and the (5) Title field in assignments/add_assignment.php. NOTE: some of these details are obtained from third party information.
26 CVE-2010-0941 79 2 XSS 2010-03-08 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php.
27 CVE-2010-0940 79 2 XSS 2010-03-08 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
28 CVE-2010-0938 79 2 XSS 2010-03-08 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action.
29 CVE-2010-0754 79 2 XSS 2010-02-27 2018-01-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action.
30 CVE-2010-0725 79 2 XSS 2010-02-26 2010-04-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
31 CVE-2010-0376 79 2 XSS 2010-01-21 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation of CVE-2010-0375.
32 CVE-2010-0321 79 2 XSS 2010-01-15 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Job Board 3.0 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter.
33 CVE-2010-0320 79 2 XSS 2010-01-15 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter Central Script allows remote attackers to inject arbitrary web script or HTML via the catid parameter.
34 CVE-2010-0319 79 2 XSS 2010-01-15 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 and 2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
35 CVE-2009-4736 79 2 XSS 2010-03-23 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in CommonSense CMS 5.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
36 CVE-2009-4681 79 2 XSS 2010-03-10 2017-09-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.
37 CVE-2009-4678 79 2 XSS 2010-03-08 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
38 CVE-2009-4596 79 2 XSS 2010-01-12 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory 1.2 allows remote attackers to inject arbitrary web script or HTML via the sup_id parameter in a suppliers details action.
39 CVE-2009-4580 79 2 XSS 2010-01-06 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) yorumyaz.php and (2) blog.php.
40 CVE-2009-4579 79 2 XSS 2010-01-06 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
41 CVE-2009-4578 79 2 XSS 2010-01-06 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Facileforms (com_facileforms) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php.
42 CVE-2009-4567 79 2 XSS 2010-01-05 2017-08-17
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 action. NOTE: some of these details are obtained from third party information.
43 CVE-2010-4637 79 1 XSS 2010-12-30 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php in the FeedList plugin 2.61.01 for WordPress allows remote attackers to inject arbitrary web script or HTML via the i parameter.
44 CVE-2010-4630 79 1 XSS 2010-12-30 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in pages/admin/surveys/create.php in the WP Survey And Quiz Tool plugin 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter.
45 CVE-2010-4610 79 1 XSS 2010-12-29 2011-01-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter.
46 CVE-2010-4607 79 1 XSS 2010-12-29 2011-01-04
2.6
None Remote High Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.
47 CVE-2010-4514 79 1 XSS 2010-12-09 2010-12-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information.
48 CVE-2010-4513 79 1 XSS 2010-12-09 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.
49 CVE-2010-4504 79 1 XSS 2010-12-08 2010-12-09
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat Directory 2.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter to (1) suggest-category.php and (2) suggest-listing.php.
50 CVE-2010-4480 79 1 XSS 2010-12-08 2011-01-28
4.3
None Remote Medium Not required None Partial None
error.php in PhpMyAdmin 3.3.8.1, and other versions before 3.4.0-beta1, allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted BBcode tag containing "@" characters, as demonstrated using "[a@url@page]".
Total number of vulnerabilities : 605   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.