Vulnerabilities (CVE)

Filtered by CWE-79
Total 28117 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-3921 1 Sixapart 1 Movabletype 2011-01-12 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Movable Type 4.x before 4.35 and 5.x before 5.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4589 1 Ibm 1 Enovia 2011-01-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the emxFramework.FilterParameterPattern property.
CVE-2010-4521 2 Drupal, Earl Miles 2 Drupal, Views 2011-01-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Views module 6.x before 6.x-2.12 for Drupal allows remote attackers to inject arbitrary web script or HTML via a page path.
CVE-2010-4276 1 Livezilla 1 Livezilla 2011-01-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid function in templates/jscript/jstrack.tpl in LiveZilla 3.2.0.2 allows remote attackers to inject arbitrary web script or HTML via the livezilla parameter in a track action to server.php.
CVE-2010-4114 2 Hp, Microsoft 2 Discovery\&dependency Mapping Inventory, Windows 2011-01-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.6x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4111 3 Hp, Linux, Microsoft 3 Insight Diagnostics, Linux Kernel, Windows 2011-01-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-4152 1 Ibm 1 Websphere Portal 2011-01-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag.
CVE-2009-4157 2 Joomla, Joomlatune 2 Joomla\!, Com Proofreader 2011-01-06 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages.
CVE-2009-4169 2 Roytanck, Wordpress 2 Wp-cumulus, Wordpress 2011-01-06 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the WP-Cumulus Plug-in before 1.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4607 1 Habariproject 1 Habari 2011-01-04 2.6 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) additem_form parameter to system/admin/dash_additem.php and the (2) status_data[] parameter to system/admin/dash_status.php. NOTE: some of these details are obtained from third party information.
CVE-2010-2802 1 Mantisbt 1 Mantisbt 2011-01-04 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 allows remote authenticated users to inject arbitrary web script or HTML via an HTML document with a .gif filename extension, related to inline attachments.
CVE-2010-4610 1 Html-edit 1 Html-edit Cms 2011-01-04 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS 3.1.8 allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2010-4522 1 Mybb 1 Mybb 2010-12-31 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.4.14, and 1.6.x before 1.6.1, allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) editpost.php, (2) member.php, and (3) newreply.php.
CVE-2010-4618 2 Algisinfo, Joomla 2 Aicontactsafe, Joomla\! 2010-12-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the Algis Info aiContactSafe component before 2.0.14 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4590 1 Ibm 1 Lotus Mobile Connect 2010-12-27 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in HTTP Access Services (HTTP-AS) in the Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-4520 2 Drupal, Earl Miles 2 Drupal, Views 2010-12-23 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Views module 6.x before 6.x-2.11 for Drupal allow remote attackers to inject arbitrary web script or HTML via (1) a URL or (2) an aggregator feed title.
CVE-2009-4252 1 Clixint 1 Image Hosting Script Dpi 2010-12-22 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in images.php in Image Hosting Script DPI 1.1 Final (1.1F) allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: some of these details are obtained from third party information.
CVE-2005-2254 1 Gianluca Baldo 1 Phpauction 2010-12-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description.
CVE-2010-4518 2 Wobeo, Wordpress 2 Wp-safe-search, Wordpress 2010-12-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in wp-safe-search/wp-safe-search-jx.php in the Safe Search plugin 0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the v1 parameter.
CVE-2010-4515 1 Citrix 1 Web Interface 2010-12-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, 5.1, and 5.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-6477 and CVE-2009-2454.