Search Results (47438 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2010-2080 1 Otrs 1 Otrs 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before 2.4.8 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-2091 1 Microsoft 3 Exchange Server, Internet Explorer, Windows Server 2003 2025-04-11 N/A
Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
CVE-2010-2464 2 Joomla, Rsjoomla 2 Joomla\!, Com Rscomments 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php.
CVE-2010-2344 1 Odcms 1 Odcms 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Page parameter to (1) _main/index.php, (2) _members/index.php, (3) _forum/index.php, (4) _docs/index.php, and (5) _announcements/index.php.
CVE-2010-2229 1 Moodle 1 Moodle 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CVE-2010-2230 1 Moodle 1 Moodle 2025-04-11 N/A
The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.
CVE-2010-0704 1 Ibm 1 Websphere Portal 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM WebSphere Portal 6.0.1.5 wp6015_008_01 allows remote attackers to inject arbitrary web script or HTML via the search field.
CVE-2010-1275 1 Bbsxp 1 Bbsxp 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 allows remote attackers to inject arbitrary web script or HTML via the ThreadID parameter.
CVE-2010-0716 1 Microsoft 1 Sharepoint Server 2025-04-11 N/A
_layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
CVE-2010-2355 1 Pilotgroup 1 Elms Pro 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in error.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2010-2480 1 Makotemplates 1 Mako 2025-04-11 N/A
Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.
CVE-2010-2356 1 Pilotgroup 1 Elms Pro 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter.
CVE-2009-4697 1 Radscripts 1 Radnics 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in RadNICS Gold 5 allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter in a ulist action and the (2) fid parameter in a view_forum action.
CVE-2010-1427 1 Modxcms 1 Evolution 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch.
CVE-2010-2125 2 Drupal, Systemseed 2 Drupal, Rotor 2025-04-11 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Rotor Banner module 5.x before 5.x-1.8 and 6.x before 6.x-2.5 for Drupal allow remote authenticated users, with "create rotor item" or "edit any rotor item" privileges, to inject arbitrary web script or HTML via the (1) srs, (2) title, or (3) alt image attribute.
CVE-2010-2130 1 Arisglobal 1 Arisg 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ARISg 5.0 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
CVE-2009-4716 1 Edgephp 1 Ezwebsearch 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in results.php in EDGEPHP EZWebSearch allows remote attackers to inject arbitrary web script or HTML via the language parameter.
CVE-2011-4564 1 Activedev 1 Active Cms 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action.
CVE-2013-0492 1 Ibm 1 Informix Open Admin Tool 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin Tool (OAT) 2.x and 3.x before 3.11.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2013-6322 1 Ibm 1 Sterling Selling And Fulfillment Foundation 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.