CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2010(Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2010-2013 79 XSS 2010-05-24 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in cp/edit_email.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
252 CVE-2010-2010 79 XSS 2010-05-21 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool Suite (aka CTools) module 6.x before 6.x-1.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via a node title.
253 CVE-2010-2003 79 1 XSS 2010-05-20 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in misc/get_admin.php in Advanced Poll 2.08 allows remote attackers to inject arbitrary web script or HTML via the mysql_host parameter.
254 CVE-2010-2002 79 XSS 2010-05-20 2010-05-21
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list.
255 CVE-2010-2001 79 XSS 2010-05-20 2010-05-21
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.
256 CVE-2010-2000 79 XSS 2010-05-20 2010-05-21
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358.
257 CVE-2010-1998 79 XSS 2010-05-20 2017-08-17
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in the CCK TableField module 6.x before 6.x-1.2 for Drupal allows remote authenticated users, with certain node creation or editing privileges, to inject arbitrary web script or HTML via table headers.
258 CVE-2010-1997 79 1 XSS 2010-05-20 2018-10-10
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter.
259 CVE-2010-1996 79 XSS 2010-05-20 2017-08-17
2.1
None Remote High ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with certain creation privileges, to inject arbitrary web script or HTML via the (1) content parameter in conjunction with a /admin/poll/add PATH_INFO, the (2) meta parameter in conjunction with a /admin/category/add PATH_INFO, and the (3) keyword parameter in conjunction with a /admin/tag/add PATH_INFO.
260 CVE-2010-1995 79 XSS 2010-05-20 2018-10-10
2.1
None Remote High ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the (1) title, (2) subTitle, and (3) author parameters in conjunction with a /admin/news/article/add PATH_INFO.
261 CVE-2010-1985 79 XSS 2010-05-19 2010-05-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
262 CVE-2010-1984 79 XSS 2010-05-19 2017-08-17
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 5.x before 5.x-1.5 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the taxonomy term name in a Breadcrumb display.
263 CVE-2010-1976 79 XSS 2010-05-19 2017-08-17
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display.
264 CVE-2010-1969 79 XSS 2010-07-22 2019-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP Virtual Connect Enterprise Manager for Windows before 6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
265 CVE-2010-1963 79 XSS 2010-06-07 2019-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
266 CVE-2010-1958 79 XSS 2010-06-21 2017-08-17
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name (filepath parameter).
267 CVE-2010-1905 79 XSS 2010-05-12 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allow remote attackers to inject arbitrary web script or HTML via crafted input to ASP pages, as demonstrated using the backurl parameter to sdccommon/verify/asp/n6plugindestructor.asp.
268 CVE-2010-1872 79 1 XSS 2010-05-12 2010-05-12
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
269 CVE-2010-1856 79 1 XSS 2010-05-07 2010-05-10
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action.
270 CVE-2010-1854 79 XSS 2010-05-07 2010-05-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the id_auk parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be resultant from CVE-2010-1855.
271 CVE-2010-1778 79 XSS 2010-07-30 2017-09-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.
272 CVE-2010-1762 79 XSS 2010-06-11 2017-09-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML in a TEXTAREA element.
273 CVE-2010-1746 79 1 XSS 2010-05-06 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Table JX (com_grid) component for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) data_search and (2) rpp parameters to index.php.
274 CVE-2010-1742 79 2 XSS 2010-05-06 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter.
275 CVE-2010-1738 79 XSS 2010-05-06 2010-05-07
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR Cross Referencer before 0.9.8 allows remote attackers to inject arbitrary web script or HTML via a title string.
276 CVE-2010-1724 79 XSS 2010-05-06 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) func parameter to index.php, or the (2) lang parameter to index.php, which is not properly handled by ZLanguage.php.
277 CVE-2010-1712 79 1 XSS 2010-05-04 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in base/Comments.php in Webmobo WB News 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and possibly (2) message parameters. NOTE: some of these details are obtained from third party information.
278 CVE-2010-1711 79 2 XSS 2010-05-04 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in carga_foto_al.php in Siestta 2.0, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the usuario parameter.
279 CVE-2010-1709 79 XSS 2010-05-04 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in G5-Scripts Auto-Img-Gallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pass parameters.
280 CVE-2010-1707 79 XSS 2010-05-04 2010-05-04
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters.
281 CVE-2010-1703 79 2 XSS 2010-05-04 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or (2) search field.
282 CVE-2010-1667 79 XSS 2010-07-06 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
283 CVE-2010-1662 79 2 XSS 2010-05-03 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in acpmoderate.php in PHP-Quick-Arcade (PHPQA) 3.0.21 allows remote attackers to inject arbitrary web script or HTML via the serv parameter.
284 CVE-2010-1655 79 XSS 2010-05-03 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in User/User_ChkLogin.asp in PowerEasy 2006 and PowerEasy SiteWeaver 6.8 allows remote attackers to inject arbitrary web script or HTML via the ComeUrl parameter.
285 CVE-2010-1649 79 XSS 2010-06-08 2018-08-13
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the back end in Joomla! 1.5 through 1.5.17 allow remote attackers to inject arbitrary web script or HTML via unknown vectors related to "various administrator screens," possibly the search parameter in administrator/index.php.
286 CVE-2010-1647 79 XSS 2010-06-08 2010-07-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before 1.15.4 and 1.16 before 1.16 beta 3 allows remote attackers to inject arbitrary web script or HTML via crafted Cascading Style Sheets (CSS) strings that are processed as script by Internet Explorer.
287 CVE-2010-1644 79 XSS 2010-08-23 2012-02-16
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Cacti before 0.8.7f, as used in Red Hat High Performance Computing (HPC) Solution and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) hostname or (2) description parameter to host.php, or (3) the host_id parameter to data_sources.php.
288 CVE-2010-1629 79 XSS 2010-05-19 2010-05-26
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.
289 CVE-2010-1625 79 XSS 2010-06-24 2010-06-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in LXR Cross Referencer before 0.9.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the search body and the results page for a search, a different vulnerability than CVE-2009-4497 and CVE-2010-1448.
290 CVE-2010-1619 79 XSS 2010-04-29 2020-12-01
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.
291 CVE-2010-1618 79 XSS 2010-04-29 2020-12-01
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.
292 CVE-2010-1614 79 XSS CSRF 2010-04-29 2020-12-01
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability.
293 CVE-2010-1609 79 XSS 2010-04-29 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before SP21 and 2004s before SP13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
294 CVE-2010-1606 79 2 XSS 2010-04-29 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal Script allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) Keywords, (3) Tags, or (4) Desired City field.
295 CVE-2010-1594 79 1 XSS 2010-04-28 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ocsreports/index.php in OCS Inventory NG 1.02.1 allow remote attackers to inject arbitrary web script or HTML via (1) the query string, (2) the BASE parameter, or (3) the ega_1 parameter. NOTE: some of these details are obtained from third party information.
296 CVE-2010-1593 79 XSS 2010-04-28 2018-10-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (1) the CommenterURL parameter to PostCommentForm, and in the Forum module before 0.2.5 in SilverStripe before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via (2) the Search parameter to forums/search (aka the search script).
297 CVE-2010-1590 79 XSS 2010-04-28 2010-04-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to inject arbitrary web script or HTML via the client's DNS hostname (aka the REMOTE_HOST variable), related to the CookielessGenerateFilename and CookielessReadFile functions.
298 CVE-2010-1584 79 1 XSS 2010-05-19 2017-08-17
2.1
None Remote High ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description.
299 CVE-2010-1557 79 XSS 2010-05-14 2010-05-21
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
300 CVE-2010-1543 79 XSS 2010-04-26 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the eTracker module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML by appending a crafted string to an arbitrary URL associated with the Drupal site.
Total number of vulnerabilities : 605   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.