Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-4240 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 6.1 Medium |
| Tiki Wiki CMS Groupware 5.2 has XSS | ||||
| CVE-2010-4220 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Integrated Solution Console in the Administrative Console component in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection." | ||||
| CVE-2010-4219 | 1 Ibm | 1 Websphere Portal | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in SemanticTagService.js in IBM WebSphere Portal 6.1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-4209 | 2 Mozilla, Yahoo | 2 Bugzilla, Yui | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf. | ||||
| CVE-2010-4208 | 3 Moodle, Mozilla, Yahoo | 3 Moodle, Bugzilla, Yui | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader/assets/uploader.swf. | ||||
| CVE-2010-4207 | 3 Moodle, Mozilla, Yahoo | 3 Moodle, Bugzilla, Yui | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf. | ||||
| CVE-2010-4183 | 2 Htmlpurifier, Microsoft | 2 Htmlpurifier, Internet Explorer | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier before 4.1.0, when Internet Explorer is used, allow remote attackers to inject arbitrary web script or HTML via a crafted (1) background-image, (2) background, or (3) font-family Cascading Style Sheets (CSS) property, a different vulnerability than CVE-2010-2479. | ||||
| CVE-2010-4172 | 2 Apache, Redhat | 3 Tomcat, Enterprise Linux, Jboss Enterprise Web Server | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Manager application in Apache Tomcat 6.0.12 through 6.0.29 and 7.0.0 through 7.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) orderBy or (2) sort parameter to sessionsList.jsp, or unspecified input to (3) sessionDetail.jsp or (4) java/org/apache/catalina/manager/JspHelper.java, related to use of untrusted web applications. | ||||
| CVE-2010-4155 | 1 Exv2 | 1 Exv2 | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) rssfeedURL parameter to manual/caferss/example.php and the sumb parameter to (2) modules/news/archive.php, (3) modules/news/topics.php, and (4) modules/contact/index.php, different vectors than CVE-2007-1965. | ||||
| CVE-2010-4146 | 1 Attachmate | 1 Reflection For The Web | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Attachmate Reflection for the Web 2008 R2 (builds 10.1.569 and earlier), 2008 R1, and 9.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-4120 | 1 Ibm | 1 Tivoli Access Manager For E-business | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the TAM console in IBM Tivoli Access Manager for e-business 6.1.0 before 6.1.0-TIV-TAM-FP0006 allow remote attackers to inject arbitrary web script or HTML via (1) the parm1 parameter to ivt/ivtserver, or the method parameter to (2) acl, (3) domain, (4) group, (5) gso, (6) gsogroup, (7) os, (8) pop, (9) rule, (10) user, or (11) webseal in ibm/wpm/. | ||||
| CVE-2010-4114 | 2 Hp, Microsoft | 2 Discovery\&dependency Mapping Inventory, Windows | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.6x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-4111 | 3 Hp, Linux, Microsoft | 3 Insight Diagnostics, Linux Kernel, Windows | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics Online Edition before 8.5.1.3712 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-4109 | 1 Hp | 1 Palm Webos | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file. | ||||
| CVE-2010-4101 | 1 Hp | 1 Insight Recovery | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in HP Insight Recovery before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-4097 | 1 Avatic | 1 Aardvark Topsites Php | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4) url parameters. NOTE: the q parameter is already covered by CVE-2009-2302. | ||||
| CVE-2010-4071 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail. | ||||
| CVE-2010-4047 | 1 Opera | 1 Opera Browser | 2024-11-21 | N/A |
| Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. | ||||
| CVE-2010-4030 | 1 Hp | 1 Insight Control Performance Management | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in HP Insight Control Performance Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-4023 | 1 Hp | 1 Insight Control Power Management | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in HP Insight Control Power Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||