Search Results (47294 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-1742 1 Satyadeep 1 Scratcher 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in projects.php in Scratcher allows remote attackers to inject arbitrary web script or HTML via the show parameter.
CVE-2010-2001 2 Drupal, Ninjitsuweb 2 Drupal, Civiregister 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the CiviRegister module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2010-2002 3 Addison Berry, Drupal, Jeff Warrington 3 Wordfilter, Drupal, Wordfilter 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x before 5.x-1.1 and 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with "administer words filtered" privileges, to inject arbitrary web script or HTML via the word list.
CVE-2010-2000 2 Drupal, Ron Jerome 2 Drupal, Bibliography 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1358.
CVE-2010-2017 1 Bukulokomedia 1 Lokomedia Cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in Lokomedia CMS 1.4.1 and 2.0 allows remote attackers to inject arbitrary web script or HTML via the kata parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-2014 1 Createch-group 1 Lisk Cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in cp/list_content.php in LiSK CMS 4.4 allows remote attackers to inject arbitrary web script or HTML via the cl or possibly id parameter.
CVE-2010-2032 1 Caucho 1 Resin 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in resin-admin/digest.php in Caucho Technology Resin Professional 3.1.5, 3.1.10, 4.0.6, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) digest_realm or (2) digest_username parameters. NOTE: some of these details are obtained from third party information.
CVE-2010-2073 1 Debian 1 Pyftpd 2025-04-11 7.5 High
auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and passwords for the (1) test, (2) user, and (3) roxon accounts, which allows remote attackers to read arbitrary files from the FTP server.
CVE-2010-2088 1 Microsoft 1 Asp.net 2025-04-11 N/A
ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.
CVE-2010-2509 1 2daybiz 1 Web Template Software 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.
CVE-2010-2506 1 Cisco 2 Linksys Firmware, Linksys Wap54g 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter.
CVE-2010-2514 2 Dacian Strain, Joomla 2 Com Jfaq, Joomla\! 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php.
CVE-2010-2544 1 Cacti 1 Cacti 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
CVE-2010-2574 1 Mantisbt 1 Mantisbt 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.
CVE-2010-2615 1 Grafik-power 1 Grafik Cms 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page action.
CVE-2010-2617 1 Paul Mcenery 1 Php Bible Search 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter.
CVE-2010-2636 1 Ibm 1 Websphere Commerce 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in sample store pages in IBM WebSphere Commerce 7.0 before 7.0.0.1 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2010-2669 1 Novo-ws 1 Orbis Cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2010-2671 1 Ez 1 Ez Publish 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.
CVE-2010-2675 1 Alanzard 1 Tsoka\ 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an articolo action.