Vulnerabilities (CVE)

Filtered by CWE-79
Total 18948 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-2001 2 Drupal, Ninjitsuweb 2 Drupal, Civiregister 2010-05-21 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2010-1985 1 Sixapart 1 Movable Type 2010-05-20 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in Six Apart Movable Type 5.0 and 5.01 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2009-3467 1 Adobe 1 Coldfusion 2010-05-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in an unspecified method in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2010-1293 1 Adobe 1 Coldfusion 2010-05-14 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Administrator page in Adobe ColdFusion 8.0, 8.0.1, and 9.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1482 1 Cmsmadesimple 1 Cms Made Simple 2010-05-13 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter.
CVE-2010-1872 1 Tufat 1 Flashcard 2010-05-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4868 1 Hitronsoft 1 Answer Me 2010-05-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these details are obtained from third party information.
CVE-2009-4859 1 Onlinetechtools.com 1 Owos Lite 2010-05-11 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp, and the (3) go parameter to login.asp.
CVE-2009-4858 1 Turnkeyforms 1 Yahoo-answers-clone 2010-05-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.
CVE-2009-4869 1 Hitronsoft 1 Nasim Guest Book 2010-05-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2009-4861 1 Supportpro 1 Supportdesk 2010-05-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2010-1856 1 Realitymedias 1 Repairshop2 2010-05-10 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 1.9.023 Trial, when magic_quotes_gpc is disabled, allows remote attackers to inject arbitrary web script or HTML via the prod parameter in a products.details action.
CVE-2009-4852 1 Festic 1 Semanticscuttle 2010-05-10 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle before 0.94.1 allow remote attackers to inject arbitrary web script or HTML via the sort parameter to index.php, and other unspecified vectors, a different issue than CVE-2008-6113. NOTE: some of these details are obtained from third party information.
CVE-2010-1854 1 Phpscripte24 1 Pay Per Watch \& Bid Auktions System 2010-05-10 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the id_auk parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might be resultant from CVE-2010-1855.
CVE-2010-0594 1 Cisco 1 Router And Security Device Manager 2010-05-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Cisco Router and Security Device Manager (SDM) allows remote attackers to inject arbitrary web script or HTML via unknown vectors, aka Bug ID CSCtb38467.
CVE-2010-1707 1 Piwigo 1 Piwigo 2010-05-04 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Piwigo 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) login and (2) mail_address parameters.
CVE-2009-4823 1 Cpanel 1 Cpanel 2010-05-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter.
CVE-2010-1590 1 Vpasp 1 Vp-asp Shopping Cart 2010-04-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in Rocksalt International VP-ASP Shopping Cart 6.50 and earlier might allow remote attackers to inject arbitrary web script or HTML via the client's DNS hostname (aka the REMOTE_HOST variable), related to the CookielessGenerateFilename and CookielessReadFile functions.
CVE-2010-1193 1 Vmware 1 Server 2010-04-28 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.
CVE-2009-4829 3 Drupal, James Glasgow, John Vandervort 3 Drupal, Autologout, Autologout 2010-04-28 2.1 LOW N/A
Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors.