CVE & Exploit Intelligence Database

CVE-2010-1358 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) module 5.x through 5.x-1.17 and 6.x through 6.x-1.9 for Drupal allows remote authenticated users, with "administer biblio" privileges, to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Apr 13, 2010

CVE-2010-1357 EPSS 0.00

Cross-site scripting (XSS) vulnerability in editors/logindialogue.php in SBD Directory Software 4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

CWE-79 Apr 13, 2010

CVE-2010-1355 EPSS 0.00

Cross-site scripting (XSS) vulnerability on the TANDBERG Video Communication Server (VCS) before X5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Reference ID 66316.

CWE-79 Apr 13, 2010

CVE-2010-1339 EPSS 0.00

Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Apr 09, 2010

CVE-2010-1333 EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in Almas Inc. Compiere J300_A02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Apr 09, 2010

CVE-2010-1332 EPSS 0.00

Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Apr 09, 2010

CVE-2010-1303 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus.

CWE-79 Apr 08, 2010

CVE-2010-1186 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the NextGEN Gallery plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the mode parameter.

CWE-79 Apr 07, 2010

CVE-2010-1276 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to (1) AddPost.asp, (2) AddTopic.asp, (3) Admin_Default.asp, (4) Bank.asp, (5) Manage.asp, and (6) ShowPost.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Apr 06, 2010

CVE-2010-1275 EPSS 0.00

Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 allows remote attackers to inject arbitrary web script or HTML via the ThreadID parameter.

CWE-79 Apr 06, 2010

CVE-2010-1274 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to "insertions of the URL" that occur during a redirection.

CWE-79 Apr 06, 2010

CVE-2010-0684 EPSS 0.00

Cross-site scripting (XSS) vulnerability in createDestination.action in Apache ActiveMQ before 5.3.1 allows remote authenticated users to inject arbitrary web script or HTML via the JMSDestination parameter in a queue action.

CWE-79 Apr 05, 2010

CVE-2010-1242 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Apr 05, 2010

CVE-2010-0828 EPSS 0.01

Cross-site scripting (XSS) vulnerability in action/Despam.py in the Despam action module in MoinMoin 1.8.7 and 1.9.2 allows remote authenticated users to inject arbitrary web script or HTML by creating a page with a crafted URI.

CWE-79 Apr 05, 2010

CVE-2010-1236 EPSS 0.01

The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.

CWE-79 Apr 01, 2010

CVE-2010-1227 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.

CWE-79 Apr 01, 2010

CVE-2010-1193 EPSS 0.00

Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.

CWE-79 Apr 01, 2010

CVE-2010-1137 EPSS 0.01

Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.

CWE-79 Apr 01, 2010

CVE-2010-0768 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before 6.1.0.31, and 7.0 before 7.0.0.9 allows remote attackers to inject arbitrary web script or HTML via the URI.

CWE-79 Apr 01, 2010

CVE-2009-2277 EPSS 0.00

Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."

CWE-79 Apr 01, 2010