CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2010(Cross Site Scripting (XSS))

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
401 CVE-2010-0783 79 XSS 2010-11-09 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.35 and 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
402 CVE-2010-0779 79 XSS 2010-06-24 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.43, 6.1 before 6.1.0.33, and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
403 CVE-2010-0778 79 XSS 2010-06-24 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.33 and 7.0 before 7.0.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
404 CVE-2010-0768 79 XSS 2010-04-01 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI.
405 CVE-2010-0754 79 2 XSS 2010-02-27 2018-01-13
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action.
406 CVE-2010-0736 79 XSS 2010-03-19 2010-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."
407 CVE-2010-0726 79 XSS 2010-03-02 2010-03-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt parameters.
408 CVE-2010-0725 79 2 XSS 2010-02-26 2010-04-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
409 CVE-2010-0716 79 XSS 2010-02-26 2018-10-10
3.5
None Remote Medium ??? None Partial None
_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
410 CVE-2010-0714 79 XSS 2010-02-26 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere Portal, IBM Lotus Web Content Management (WCM), and IBM Lotus Workplace Web Content Management 5.1.0.0 through 5.1.0.5, 6.0.0.0 through 6.0.0.4, 6.0.1.0 through 6.0.1.7, 6.1.0.0 through 6.1.0.3, and 6.1.5.0; and IBM Lotus Quickr services 8.0, 8.0.0.2, 8.1, 8.1.1, and 8.1.1.1 for WebSphere Portal; allows remote attackers to inject arbitrary web script or HTML via the query string.
411 CVE-2010-0706 79 XSS 2010-02-25 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the login/prompt component in Subex Nikira Fraud Management System allows remote attackers to inject arbitrary web script or HTML via the message parameter.
412 CVE-2010-0704 79 XSS 2010-02-25 2010-03-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field.
413 CVE-2010-0703 79 1 XSS 2010-02-23 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL VPN 4.6 allows remote attackers to inject arbitrary web script or HTML via the reloadFrame parameter.
414 CVE-2010-0700 79 XSS 2010-02-23 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in WampServer 2.0i allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
415 CVE-2010-0699 79 1 XSS 2010-02-23 2010-02-24
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in VideoSearchScript Pro 3.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
416 CVE-2010-0697 79 XSS 2010-02-23 2017-08-17
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the iTweak Upload module 6.x-1.x before 6.x-1.2 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users, with create content and upload file permissions, to inject arbitrary web script or HTML via the file name of an uploaded file.
417 CVE-2010-0695 79 1 XSS 2010-02-23 2010-03-02
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in pages/index.php in BASIC-CMS allows remote attackers to inject arbitrary web script or HTML via the nav_id parameter.
418 CVE-2010-0684 79 XSS 2010-04-05 2018-10-10
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.
419 CVE-2010-0675 79 1 XSS 2010-02-22 2010-02-23
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action. NOTE: some of these details are obtained from third party information.
420 CVE-2010-0641 79 1 XSS 2010-02-17 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest parameter.
421 CVE-2010-0640 79 XSS 2010-02-24 2018-10-10
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in CA eHealth Performance Manager 6.0.x through 6.2.x, when malicious HTML detection is disabled, allows remote attackers to inject arbitrary web script or HTML via a crafted request.
422 CVE-2010-0636 79 XSS 2010-02-12 2012-10-13
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web script or HTML via the (1) tab parameter to users.php and the PATH_INFO to (2) day.php, (3) month.php, and (4) week.php. NOTE: some of these details are obtained from third party information.
423 CVE-2010-0617 79 XSS 2010-02-11 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the return parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
424 CVE-2010-0615 79 1 XSS 2010-02-11 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in assess.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the reports comment box in a continue_assess action. NOTE: some of these details are obtained from third party information.
425 CVE-2010-0607 79 1 XSS 2010-02-11 2010-11-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 in the Sterlite SAM300 AX Router allows remote attackers to inject arbitrary web script or HTML via the Stat_Radio parameter.
426 CVE-2010-0606 79 1 XSS 2010-02-11 2010-11-03
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by scp/admin.php.
427 CVE-2010-0594 79 XSS 2010-05-04 2010-05-04
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467.
428 CVE-2010-0544 79 XSS 2010-06-11 2017-09-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL.
429 CVE-2010-0541 79 XSS 2010-06-17 2012-11-06
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page.
430 CVE-2010-0494 200 XSS Bypass +Info 2010-03-31 2021-07-23
4.3
None Remote Medium Not required Partial None None
Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 allows user-assisted remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted HTML document in a situation where the client user drags one browser window across another browser window, aka "HTML Element Cross-Domain Vulnerability."
431 CVE-2010-0475 79 XSS 2010-05-14 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the Palo Alto Networks firewall 3.0.x before 3.0.9 and 3.1.x before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the role parameter.
432 CVE-2010-0470 79 1 XSS 2010-02-02 2010-02-03
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend CT-507IT ADSL Router allows remote attackers to inject arbitrary web script or HTML via the srvName parameter.
433 CVE-2010-0468 79 XSS 2010-02-02 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in PaperThin CommonSpot Content Server allows remote attackers to inject arbitrary web script or HTML via the url parameter.
434 CVE-2010-0465 79 XSS 2010-03-19 2018-10-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field.
435 CVE-2010-0460 79 1 XSS 2010-01-28 2018-10-10
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information.
436 CVE-2010-0455 79 1 XSS 2010-01-28 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in PunBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the pid parameter.
437 CVE-2010-0452 79 XSS 2010-03-29 2019-10-09
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in HP Project and Portfolio Management Center (PPMC, formerly Mercury IT Governance) 7.1 through SP10 and 7.5 through SP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
438 CVE-2010-0449 79 XSS 2010-03-31 2019-10-09
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
439 CVE-2010-0440 79 XSS 2010-02-03 2018-11-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in Cisco Secure Desktop 3.4.2048, and other versions before 3.5; as used in Cisco ASA appliance before 8.2(1), 8.1(2.7), and 8.0(5); allows remote attackers to inject arbitrary web script or HTML via a crafted POST parameter, which is not properly handled by an eval statement in binary/mainv.js that writes to start.html.
440 CVE-2010-0432 79 XSS 2010-04-15 2018-07-30
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.
441 CVE-2010-0376 79 2 XSS 2010-01-21 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation of CVE-2010-0375.
442 CVE-2010-0374 79 1 XSS 2010-01-21 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Marketplace (com_marketplace) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the catid parameter in a show_category action to index.php.
443 CVE-2010-0371 79 1 XSS 2010-01-21 2017-08-17
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Hitmaaan Gallery 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) gall and (2) levela parameters.
444 CVE-2010-0370 79 1 XSS 2010-01-21 2018-10-10
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title parameter (aka block title).
445 CVE-2010-0365 79 1 XSS 2010-01-21 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allows remote attackers to inject arbitrary web script or HTML via the order parameter.
446 CVE-2010-0363 79 XSS 2010-01-20 2010-02-02
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Zeus Web Server before 4.3r5, when SSL is enabled for the admin server, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2002-1785.
447 CVE-2010-0357 79 XSS 2010-01-20 2017-08-17
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Login page in IBM Lotus Web Content Management (WCM) 6.0.1.4, 6.0.1.5, and 6.0.1.6 before iFix 32; and 6.1.0.1 and 6.1.0.2 before iFix 24; for WebSphere Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
448 CVE-2010-0349 79 XSS 2010-01-15 2011-04-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 0.32 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: this issue could not be reproduced by the vendor, but a patch was provided anyway. The original researcher is reliable.
449 CVE-2010-0347 79 XSS 2010-01-15 2011-04-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the VD / Geomap (vd_geomap) extension 0.3.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
450 CVE-2010-0346 79 XSS 2010-01-15 2011-04-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Tip many friends (mimi_tipfriends) extension 0.0.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Total number of vulnerabilities : 605   Page : 1 2 3 4 5 6 7 8 9 (This Page)10 11 12 13
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.