Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-1584 | 2 Drupal, Steven Jones | 2 Drupal, Context | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Context module before 6.x-2.0-rc4 for Drupal allows remote authenticated users, with Administer Blocks privileges, to inject arbitrary web script or HTML via a block description. | ||||
| CVE-2010-1557 | 1 Hp | 1 Insight Control Server Migration For Windows | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HP Insight Control Server Migration before 6.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-1543 | 2 Drupal, Etracker | 2 Drupal, Etracker | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the eTracker module before 6.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML by appending a crafted string to an arbitrary URL associated with the Drupal site. | ||||
| CVE-2010-1541 | 1 Dragonfrugal | 1 Dfd Cart | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, 1.197, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category and (2) list_quantity parameters to index.php, and the (3) category parameter to your.order.php. | ||||
| CVE-2010-1539 | 2 Drupal, John Vandyk | 2 Drupal, Workflow | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Workflow module 5.x-2.x before 5.x-2.6 and 6.x-1.x before 6.x-1.4 for Drupal, when used with the Token module, might allow remote authenticated users to inject arbitrary web script or HTML via a certain Comment field. | ||||
| CVE-2010-1536 | 2 Drupal, Mearra | 2 Drupal, Addthis | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the AddThis Button module 5.x before 5.x-2.2 and 6.x before 6.x-2.9 for Drupal allows remote authenticated users, with administer addthis privileges, to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-1530 | 2 Drupal, Reyero | 2 Drupal, I18n | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Internationalization module 6.x before 6.x-1.4 for Drupal allow remote authenticated users, with translate interface or administer blocks privileges, to inject arbitrary web script or HTML via (1) strings used in block translation or (2) the untranslated input. | ||||
| CVE-2010-1520 | 1 Taskfreak | 1 Taskfreak\! | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! Original multi user before 0.6.4 allows remote attackers to inject arbitrary web script or HTML via the tznMessage parameter. | ||||
| CVE-2010-1515 | 1 Tomatocms | 1 Tomatocms | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction with a /admin/multimedia/set/list PATH_INFO; the (4) keyword or (5) fileId parameter in conjunction with a /admin/multimedia/file/list PATH_INFO; or the (6) name, (7) email, or (8) address parameter in conjunction with a /admin/ad/client/list PATH_INFO. | ||||
| CVE-2010-1504 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI. | ||||
| CVE-2010-1503 | 1 Google | 1 Chrome | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI. | ||||
| CVE-2010-1497 | 1 Clausvb | 1 Dl Stats | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in download_proc.php in dl_stats before 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2010-1489 | 1 Microsoft | 1 Internet Explorer | 2024-11-21 | N/A |
| The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074. | ||||
| CVE-2010-1486 | 1 Cactushop | 1 Cactushop | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address. | ||||
| CVE-2010-1482 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the backend in CMS Made Simple (CMSMS) before 1.7.1 might allow remote attackers to inject arbitrary web script or HTML via the date_format_string parameter. | ||||
| CVE-2010-1481 | 1 Pmwiki | 1 Pmwiki | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute. | ||||
| CVE-2010-1464 | 1 Webasyst | 1 Shop-script | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst Shop-Script FREE allow remote attackers to inject arbitrary web script or HTML via the (1) currency_id_left, (2) currency_id_right, (3) darkcolor, (4) lightcolor, (5) middlecolor, and (6) w parameters. | ||||
| CVE-2010-1459 | 1 Mono | 1 Mono | 2024-11-21 | N/A |
| The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to 2.0/menu/menu1.aspx in the XSP sample project. | ||||
| CVE-2010-1453 | 2 Matomo, Piwik | 2 Matomo, Piwik | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 through 0.5.5 allows remote attackers to inject arbitrary web script or HTML via the form_url parameter. | ||||
| CVE-2010-1448 | 1 Malcom Box | 1 Lxr Cross Referencer | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR Cross Referencer before 0.9.8 allows remote attackers to inject arbitrary web script or HTML via vectors related to a string in the search page's TITLE element, a different vulnerability than CVE-2009-4497 and CVE-2010-1625. | ||||