CVE-2010-0376
Published 2010-01-21
CVE-2010-0376: Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web…
Priority P4 · 18 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.50% (71.0th percentile)
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation of CVE-2010-0375.
VulDB
JCE-Tech Php Calendars Script Error Message product_list.php cat cross site scripting (EDB-11082 / XFDB-55517)
vuldb·2026-04-29·CVSS 4.3
CVE-2010-0376 [MEDIUM] JCE-Tech Php Calendars Script Error Message product_list.php cat cross site scripting (EDB-11082 / XFDB-55517)
A vulnerability described as problematic has been identified in JCE-Tech Php Calendars Script. Affected is an unknown function of the file product_list.php of the component Error Message Handler. Such manipulation of the argument cat leads to cross site scripting.
This vulnerability is traded as CVE-2010-0376. The attack may be launched remotely. Furthermore, there is an exploit available.
GHSA
GHSA-72fh-93mx-wg3m: Cross-site scripting (XSS) vulnerability in product_list
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2010-0376 [HIGH] CWE-79 GHSA-72fh-93mx-wg3m: Cross-site scripting (XSS) vulnerability in product_list
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation of CVE-2010-0375.
No detection rules found.
Bugzilla
CVE-2010-1429 JBossEAP status servlet info leak
bugzilla·2010-04-26·CVSS 5.0
CVE-2010-1429 [MEDIUM] CVE-2010-1429 JBossEAP status servlet info leak
The JBoss Enterprise Application Platform 4.2.0.CP03 and 4.3.0.CP01 updates for Red Hat Enterprise Linux 4 and 5 fixed an issue (CVE-2008-3273) where unauthenticated users were able to access the status servlet; however, a bug fix included in the 4.2.0.CP06 and 4.3.0.CP04 updates re-introduced the issue.
A remote attacker could use this flaw to acquire details about deployed web contexts.
Discussion:
This issue has been addressed in following products:
JBEAP 4.2.0 for RHEL 4
Via RHSA-2010:0376 https://rhn.redhat.com/errata/RHSA-2010-0376.html
---
This issue has been addressed in following products:
JBEAP 4.3.0 for RHEL 4
Via RHSA-2010:0377 https://rhn.redhat.com/errata/RHSA-2010-0377.html
---
This issue has been addressed in follo
Bugzilla
CVE-2010-1428 JBoss Application Server Web Console Authentication bypass
bugzilla·2010-04-26·CVSS 7.5
CVE-2010-1428 [HIGH] CVE-2010-1428 JBoss Application Server Web Console Authentication bypass
Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP "verbs".
A remote attacker could use this flaw to gain access to sensitive information.
Discussion:
This issue has been addressed in following products:
JBEAP 4.2.0 for RHEL 4
Via RHSA-2010:0376 https://rhn.redhat.com/errata/RHSA-2010-0376.html
---
This issue has been addressed in following products:
JBEAP 4.3.0 for RHEL 4
Via RHSA-2010:0377 https://rhn.redhat.com/errata/RHSA-2010-0377.html
---
This issue has been addressed in following products:
JBEAP 4.2.0 for RHEL 5
Via RHSA-2010:0378 https://rhn.redhat.com/erra
http://packetstormsecurity.org/1001-exploits/phpcalendars-xss.txt
http://secunia.com/advisories/38036
http://www.exploit-db.com/exploits/11082
http://www.securityfocus.com/bid/40391
https://exchange.xforce.ibmcloud.com/vulnerabilities/55517