Total
27423 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-1367 | 1 Uiga | 1 Fan Club | 2010-04-14 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin/admin_login.php in Uiga Fan Club, as downloaded on 20100310, allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name and (2) admin_password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1358 | 2 Drupal, Ron Jerome | 2 Drupal, Bibliography | 2010-04-14 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1339 | 2 Robertotto, Woltlab | 2 Teamsite Hack Plugin, Burning Board | 2010-04-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1276 | 1 Bbsxp | 1 Bbsxp | 2010-04-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to (1) AddPost.asp, (2) AddTopic.asp, (3) Admin_Default.asp, (4) Bank.asp, (5) Manage.asp, and (6) ShowPost.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1195 | 1 Ikiwiki | 1 Ikiwiki | 2010-04-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI. | |||||
| CVE-2010-1112 | 1 Tristan Barczyk | 1 Klonews | 2010-03-26 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2009-2907 | 1 Springsource | 3 Application Management Suite, Hyperic Hq, Tc Server | 2010-03-25 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields." | |||||
| CVE-2010-1079 | 1 Sawmill | 1 Sawmill | 2010-03-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1076 | 1 Entrylevelcms | 1 El Cms | 2010-03-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1048 | 1 Uiga | 1 Business Portal | 2010-03-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga Business Portal allows remote attackers to inject arbitrary web script or HTML via the textcomment parameter (aka the Comment Box) in a noentryid action. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1052 | 1 Alexandre Dubus | 1 Audistat | 2010-03-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in AudiStat 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) year and (2) mday parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1020 | 2 Sk-typo3, Typo3 | 2 Sk Simplegallery, Typo3 | 2010-03-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-0736 | 1 Viewvc | 1 Viewvc | 2010-03-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the view_queryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input." | |||||
| CVE-2010-1008 | 2 Christian Hennecke, Typo3 | 2 Chsellector, Typo3 | 2010-03-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Sellector.com Widget Integration (chsellector) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1021 | 2 Mads Brunn, Typo3 | 2 T3quixplorer, Typo3 | 2010-03-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer (t3quixplorer) extension before 1.7.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1014 | 2 Steffen Kamper, Typo3 | 2 Reports Logview, Typo3 | 2010-03-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Reports Logfile View (reports_logview) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2010-1005 | 2 Mischa Heimann, Typo3 | 2 Yatse, Typo3 | 2010-03-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2009-4714 | 1 Alexandre Amaral | 1 Xoops Celepar | 2010-03-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastro_usuario.php. | |||||
| CVE-2010-0979 | 1 Obsession-design | 1 Image-gallery | 2010-03-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in display.php in Obsession-Design Image-Gallery (ODIG) 1.1 allows remote attackers to inject arbitrary web script or HTML via the folder parameter. | |||||
| CVE-2010-0963 | 1 Yuri D\'elia | 1 Dl | 2010-03-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party information. | |||||