Total
34410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-0321 | 1 Jamit | 1 Jamit Job Board | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit Job Board 3.0 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter. | ||||
| CVE-2010-0320 | 1 X10media | 1 Glitter Central Script | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter Central Script allows remote attackers to inject arbitrary web script or HTML via the catid parameter. | ||||
| CVE-2010-0319 | 1 Docmint | 1 Docmint | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 and 2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-0190 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Mac Os X and 2 more | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2010-0171 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2024-11-21 | N/A |
| Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736. | ||||
| CVE-2010-0170 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin. | ||||
| CVE-2010-0162 | 2 Mozilla, Redhat | 3 Firefox, Seamonkey, Enterprise Linux | 2024-11-21 | N/A |
| Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly support the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document. | ||||
| CVE-2010-0152 | 1 Ibm | 2 Proventia Network Mail Security System Virtual Appliance, Proventia Network Mail Security System Virtual Appliance Firmware | 2024-11-21 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters. | ||||
| CVE-2010-0132 | 1 Viewvc | 1 Viewvc | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736. | ||||
| CVE-2009-5159 | 2 Invisioncommunity, Microsoft | 2 Invision Power Board, Internet Explorer | 2024-11-21 | 6.1 Medium |
| Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment. | ||||
| CVE-2009-5145 | 1 Zope | 1 Zope | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12. | ||||
| CVE-2009-5142 | 2 Binarymoon, Prothemedesign | 2 Timthumb, Mimbo Pro | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter. | ||||
| CVE-2009-5113 | 1 Iwork | 1 Webglimpse | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the DOC parameter. | ||||
| CVE-2009-5103 | 1 Atcom | 1 Netvolution | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP allows remote attackers to inject arbitrary web script or HTML via the email variable. | ||||
| CVE-2009-5099 | 1 Pentaho | 1 Bi Server | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI Server 1.7.0.1062 and earlier allows remote attackers to inject arbitrary web script or HTML via the outputType parameter. | ||||
| CVE-2009-5096 | 2 Drupal, Khalid Baheyeldin | 2 Drupal, Flag Content | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter. | ||||
| CVE-2009-5092 | 1 Microsoft | 2 Fast Esp, Sharepoint Server | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the management interface in Microsoft FAST ESP 5.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-5086 | 1 Juniper | 1 Idp | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2009-5065 | 1 Mark Pilgrim | 1 Feedparser | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas. | ||||
| CVE-2009-5049 | 2 Debian, Mortbay | 2 Debian Linux, Jetty | 2024-11-21 | 6.1 Medium |
| WebApp JSP Snoop page XSS in jetty though 6.1.21. | ||||