CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2010(Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2010-4120 79 XSS 2010-10-28 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/.
2 CVE-2010-4097 79 XSS 2010-10-27 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters. NOTE: the q parameter is already covered by CVE-2009-2302.
3 CVE-2010-4047 79 XSS 2010-10-21 2017-09-19
4.3
None Remote Medium Not required None Partial None
Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
4 CVE-2010-4045 264 Exec Code XSS 2010-10-21 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context.
5 CVE-2010-4023 79 XSS 2010-10-28 2010-11-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6 CVE-2010-3994 79 XSS 2010-10-28 2010-11-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Version Control Repository Manager (VCRM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
7 CVE-2010-3991 79 XSS 2010-10-28 2010-11-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Insight Control Server Migration before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
8 CVE-2010-3987 79 XSS 2010-10-28 2010-11-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
9 CVE-2010-3985 79 XSS 2010-10-26 2021-07-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9.0, when Internet Explorer 6.0 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10 CVE-2010-3981 79 XSS 2010-10-18 2010-11-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to inject arbitrary web script or HTML via the ServiceClass field to the Edit Service Parameters page.
11 CVE-2010-3882 79 XSS 2010-10-08 2010-10-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple 1.7.1 and earlier allow remote attackers to inject arbitrary web script or HTML via input to the (1) Add Pages, (2) Add Global Content, (3) Edit Global Content, (4) Add Article, (5) Add Category, (6) Add Field Definition, or (7) Add Shortcut module.
12 CVE-2010-3841 79 XSS 2010-10-18 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in TWiki before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the rev parameter to the view script or (2) the query string to the login script.
13 CVE-2010-3763 79 XSS 2010-10-05 2013-08-27
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in core/summary_api.php in MantisBT before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the Summary field, a different vector than CVE-2010-3303.
14 CVE-2010-3715 79 XSS 2010-10-25 2010-10-27
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitrary web script or HTML via vectors related to (2) the backend.
15 CVE-2010-3712 79 XSS 2010-10-28 2018-08-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query string to index.php in the com_weblinks or com_content component.
16 CVE-2010-3690 79 XSS 2010-10-07 2019-12-30
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before 1.1.3, when proxy mode is enabled, allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Proxy Granting Ticket IOU (PGTiou) parameter to the callback function in client.php, (2) vectors involving functions that make getCallbackURL calls, or (3) vectors involving functions that make getURL calls.
17 CVE-2010-3303 79 XSS 2010-10-05 2013-08-27
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.3 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) a plugin name, related to manage_plugin_uninstall.php; (2) an enumeration value or (3) a String value of a custom field, related to core/cfdefs/cfdef_standard.php; or a (4) project or (5) category name to print_all_bug_page_word.php.
18 CVE-2010-3291 79 XSS 2010-10-21 2010-11-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x through AC_5.03, and AssetManager 5.1x through AM_5.12 and 5.2x through AM_5.22, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
19 CVE-2010-3289 79 XSS 2010-10-23 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
20 CVE-2010-3243 79 XSS 2010-10-13 2021-07-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
21 CVE-2010-3177 79 XSS 2010-10-21 2017-09-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server.
22 CVE-2010-2886 79 XSS 2010-10-26 2010-10-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
23 CVE-2010-2885 79 XSS 2010-10-26 2010-10-28
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, and RoboHelp Server 7 and 8, allows remote attackers to inject arbitrary web script or HTML via vectors related to WebHelp generation with RoboHelp for Word.
24 CVE-2010-2535 79 XSS 2010-10-05 2010-10-05
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Back End in Joomla! 1.5.x before 1.5.20 allow remote authenticated users to inject arbitrary web script or HTML via administrator screens.
25 CVE-2010-2367 79 XSS 2010-10-06 2010-10-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 before 3.0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Total number of vulnerabilities : 25   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.