Vulnerabilities (CVE)

Filtered by CWE-79
Total 18948 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-2283 1 Sun 2 Java Web Console, Solaris 2010-06-13 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2256 1 Payperviewvideosoftware 1 Pay Per Minute Video Chat Script 2010-06-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/memberviewdetails.php and the (2) model parameter to videos.php.
CVE-2010-2158 2 Drupal, Speedtech 2 Drupal, Storm 2010-06-08 2.1 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, or (3) im parameter in a stormperson action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2150 1 Fujitsu 1 E-pares 2010-06-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2144 1 Zeeways 1 Ebay Clone Auction Script 2010-06-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways eBay Clone Auction Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-2088 1 Microsoft 1 Asp.net 2010-05-28 4.3 MEDIUM N/A
ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.
CVE-2010-2084 1 Microsoft 1 Asp.net 2010-05-28 4.3 MEDIUM N/A
Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
CVE-2010-2085 1 Microsoft 1 .net Framework 2010-05-28 4.3 MEDIUM N/A
The default configuration of ASP.NET in Microsoft .NET before 1.1 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the __VIEWSTATE parameter.
CVE-2010-2086 1 Apache 1 Myfaces 2010-05-28 4.0 MEDIUM N/A
Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application Server and other applications, does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks or execute arbitrary Expression Language (EL) statements via vectors that involve modifying the serialized view object.
CVE-2010-1629 1 Phorum 1 Phorum 2010-05-26 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.
CVE-2010-1486 1 Cactushop 1 Cactushop 2010-05-26 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address.
CVE-2010-2046 2 Activehelper, Joomla 2 Com Activehelper Livehelp, Joomla\! 2010-05-26 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the ActiveHelper LiveHelp (com_activehelper_livehelp) component 2.0.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via (1) the DOMAINID parameter to server/cookies.php or (2) the SERVER parameter to server/index.php.
CVE-2010-2049 1 Manageengine 1 Adaudit Plus 2010-05-26 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in jsp/audit/reports/ExportReport.jsp in ManageEngine ADAudit Plus 4.0.0 build 4043 allows remote attackers to inject arbitrary web script or HTML via the reportList parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-2268 1 Sun 1 Java System Access Manager 2010-05-25 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2017 1 Bukulokomedia 1 Lokomedia Cms 2010-05-24 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to inject arbitrary web script or HTML via the kata parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-2014 1 Createch-group 1 Lisk Cms 2010-05-24 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in cp/list_content.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the cl or possibly id parameter.
CVE-2010-1557 1 Hp 1 Insight Control Server Migration For Windows 2010-05-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2000 2 Drupal, Ron Jerome 2 Drupal, Bibliography 2010-05-21 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358.
CVE-2009-4842 1 Toutvirtual 1 Virtualiq 2010-05-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) addNewDept, (2) deptId, or (3) deptDesc parameter to tvserver/server/user/addDepartment.jsp; or the (4) firstName, (5) lastName, or (6) email parameter in a save action to tvserver/user/user.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2002 3 Addison Berry, Drupal, Jeff Warrington 3 Wordfilter, Drupal, Wordfilter 2010-05-21 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list.