Security Vulnerabilities, CVEs, Published In June 2010 (XSS)

CVE-2010-2514

Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php.
Max CVSS
4.3
EPSS Score
0.16%
Published
2010-06-28
Updated
2010-06-29

CVE-2010-2509

Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php.
Max CVSS
4.3
EPSS Score
0.13%
Published
2010-06-28
Updated
2010-06-29

CVE-2010-2506

Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter.
Max CVSS
2.9
EPSS Score
0.13%
Published
2010-06-28
Updated
2018-10-10

CVE-2010-2503

Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin" vectors, aka SPL-31084; or (3) unspecified "user input," aka SPL-31085.
Max CVSS
4.3
EPSS Score
0.10%
Published
2010-06-28
Updated
2010-06-29

CVE-2010-2464

Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to index.php.
Max CVSS
4.3
EPSS Score
0.77%
Published
2010-06-25
Updated
2017-08-17

CVE-2010-2463

Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action.
Max CVSS
4.3
EPSS Score
0.25%
Published
2010-06-25
Updated
2010-06-28

CVE-2010-2458

Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter.
Max CVSS
4.3
EPSS Score
0.46%
Published
2010-06-25
Updated
2017-08-17

CVE-2010-2457

Cross-site scripting (XSS) vulnerability in index.php in K-Search allows remote attackers to inject arbitrary web script or HTML via the term parameter.
Max CVSS
4.3
EPSS Score
0.22%
Published
2010-06-25
Updated
2010-07-13

CVE-2010-2437

Cross-site scripting (XSS) vulnerability in class/tools.class.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the comment variable to modules/blog/index.php.
Max CVSS
4.3
EPSS Score
0.20%
Published
2010-06-24
Updated
2018-10-10

CVE-2010-2433

Multiple cross-site scripting (XSS) vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to (1) explore/explore.jsp, (2) compose/compose.jsp, or (3) home.jsp in faces/.
Max CVSS
4.3
EPSS Score
0.40%
Published
2010-06-24
Updated
2017-08-17

CVE-2010-2429

Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response.
Max CVSS
4.3
EPSS Score
0.22%
Published
2010-06-24
Updated
2021-07-23

CVE-2010-2428

Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request.
Max CVSS
4.3
EPSS Score
2.59%
Published
2010-06-24
Updated
2017-08-17

CVE-2010-2422

Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safe_html transform.
Max CVSS
4.3
EPSS Score
0.14%
Published
2010-06-24
Updated
2010-06-24

CVE-2010-2356

Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the course_id parameter.
Max CVSS
4.3
EPSS Score
0.22%
Published
2010-06-21
Updated
2017-08-17

CVE-2010-2355

Cross-site scripting (XSS) vulnerability in error.php in Pilot Group (PG) eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
4.3
EPSS Score
0.22%
Published
2010-06-21
Updated
2017-08-17

CVE-2010-2344

Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Page parameter to (1) _main/index.php, (2) _members/index.php, (3) _forum/index.php, (4) _docs/index.php, and (5) _announcements/index.php.
Max CVSS
4.3
EPSS Score
0.31%
Published
2010-06-21
Updated
2017-08-17

CVE-2010-2325

Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related in part to "URL injection."
Max CVSS
4.3
EPSS Score
0.12%
Published
2010-06-18
Updated
2010-06-24

CVE-2010-2318

Cross-site scripting (XSS) vulnerability in cms_data.php in PHPCityPortal 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Max CVSS
4.3
EPSS Score
0.21%
Published
2010-06-17
Updated
2010-06-18

CVE-2010-2316

Multiple cross-site scripting (XSS) vulnerabilities in default.asp in WmsCms 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) sbr, (3) p, and (4) sbl parameters, different vectors than CVE-2007-3137.
Max CVSS
4.3
EPSS Score
0.60%
Published
2010-06-17
Updated
2010-06-18

CVE-2010-2301

Cross-site scripting (XSS) vulnerability in editing/markup.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to inject arbitrary web script or HTML via vectors related to the node.innerHTML property of a TEXTAREA element. NOTE: this might overlap CVE-2010-1762.
Max CVSS
4.3
EPSS Score
0.22%
Published
2010-06-15
Updated
2020-08-06

CVE-2010-2292

Cross-site scripting (XSS) vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field.
Max CVSS
4.3
EPSS Score
0.19%
Published
2010-06-15
Updated
2018-10-10

CVE-2010-2290

Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Max CVSS
4.3
EPSS Score
0.42%
Published
2010-06-15
Updated
2018-10-10

CVE-2010-2288

Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to inject arbitrary web script or HTML via the DSSignInURL cookie.
Max CVSS
4.3
EPSS Score
0.37%
Published
2010-06-15
Updated
2018-10-10

CVE-2010-2281

Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) bannerid parameter in conjunction with a /admin/ad/banner/list PATH_INFO; and allow remote authenticated users, with certain privileges, to inject arbitrary web script or HTML via the (3) title or (4) answers parameter in conjunction with a /admin/poll/add PATH_INFO, or the (5) name parameter in conjunction with a /admin/category/add PATH_INFO.
Max CVSS
4.3
EPSS Score
0.11%
Published
2010-06-15
Updated
2010-06-16

CVE-2010-2277

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) create or (2) edit form in the Communities component, the (3) verbiage field in the Bookmarks component, or (4) unspecified vectors related to the Mobile Blogs component.
Max CVSS
4.3
EPSS Score
0.17%
Published
2010-06-15
Updated
2010-06-16
75 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close