Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-3274 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action. | ||||
| CVE-2010-3266 | 1 Ifdefined | 1 Bugtracker.net | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to edit_bug.aspx, (2) the bug_id parameter to edit_comment.aspx, (3) the id parameter to edit_user_permissions2.aspx, or (4) the default_name parameter to edit_customfield.aspx. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-3263 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name. | ||||
| CVE-2010-3262 | 1 Flock | 1 Flock | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before 3.0.0.4114 allows remote attackers to inject arbitrary web script or HTML via a crafted RSS feed. | ||||
| CVE-2010-3243 | 1 Microsoft | 8 Internet Explorer, Sharepoint Server, Sharepoint Services and 5 more | 2024-11-21 | 4.3 Medium |
| Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability." | ||||
| CVE-2010-3208 | 1 Wiccle | 1 Wiccle Web Builder | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in ajax.php in Wiccle Web Builder (WWB) 1.00 and 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the post_text parameter in a site custom_search action to index.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-3202 | 1 Flock | 1 Flock | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark. | ||||
| CVE-2010-3201 | 1 Netwin | 1 Surgemail | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via the username_ex parameter to the surgeweb program. | ||||
| CVE-2010-3177 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a (1) file or (2) directory on a Gopher server. | ||||
| CVE-2010-3094 | 1 Drupal | 1 Drupal | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.18 allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) an action description, (2) an action message, (3) a node, or (4) a taxonomy term, related to the actions feature and the trigger module. | ||||
| CVE-2010-3089 | 2 Gnu, Redhat | 2 Mailman, Enterprise Linux | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman before 2.1.14rc1 allow remote authenticated users to inject arbitrary web script or HTML via vectors involving (1) the list information field or (2) the list description field. | ||||
| CVE-2010-3082 | 1 Djangoproject | 1 Django | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via a csrfmiddlewaretoken (aka csrf_token) cookie. | ||||
| CVE-2010-3077 | 1 Horde | 1 Horde Application Framework | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in util/icon_browser.php in the Horde Application Framework before 3.3.9 allows remote attackers to inject arbitrary web script or HTML via the subdir parameter. | ||||
| CVE-2010-3070 | 1 Dietrich Ayala | 1 Nusoap | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to an arbitrary PHP script that uses NuSOAP classes. | ||||
| CVE-2010-3056 | 1 Phpmyadmin | 1 Phpmyadmin | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) db_search.php, (2) db_sql.php, (3) db_structure.php, (4) js/messages.php, (5) libraries/common.lib.php, (6) libraries/database_interface.lib.php, (7) libraries/dbi/mysql.dbi.lib.php, (8) libraries/dbi/mysqli.dbi.lib.php, (9) libraries/db_info.inc.php, (10) libraries/sanitizing.lib.php, (11) libraries/sqlparser.lib.php, (12) server_databases.php, (13) server_privileges.php, (14) setup/config.php, (15) sql.php, (16) tbl_replace.php, and (17) tbl_sql.php. | ||||
| CVE-2010-3025 | 1 Tomaz-muraus | 1 Open Blog | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) excerpt parameter to application/modules/admin/controllers/posts.php, as reachable by admin/posts/edit; and the (2) content parameter to application/modules/admin/controllers/pages.php, as reachable by admin/posts/edit. | ||||
| CVE-2010-3023 | 1 Hulihanapplications | 1 Diamondlist | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DiamondList 0.1.6, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) category[description] parameter to user/main/update_category, which is not properly handled by _app/views/categories/index.html.erb; and the (2) setting[site_title] parameter to user/main/update_settings, which is not properly handled by _app/views/settings/_list_settings.rhtml. | ||||
| CVE-2010-3022 | 1 Drupal | 1 Devel Module | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Performance logging module in the Devel module 5.x before 5.x-1.3 and 6.x before 6.x-1.21 for Drupal allows remote authenticated users, with add url aliases and report access permissions, to inject arbitrary web script or HTML via crafted node paths in a URL. | ||||
| CVE-2010-3012 | 1 Hp | 1 System Management Homepage | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue was originally assigned CVE-2010-3010 due to a CNA error. | ||||
| CVE-2010-3010 | 1 Hp | 2 3com Officeconnect Gigabit Vpn Firewall Software, 3crevf100-73 | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73 with firmware before 1.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: a separate XSS issue for HP System Management Homepage (SMH) was originally assigned CVE-2010-3010 due to a CNA error, but CVE-2010-3012 is the appropriate identifier for the SMH issue. | ||||