Exploit Intelligence Platform

CVE-2014-4516 EPSS 0.00

Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the param parameter.

CWE-79 Jul 01, 2014

CVE-2014-4515 EPSS 0.00

Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in the AnyFont plugin 2.2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the text parameter.

CWE-79 Jul 01, 2014

CVE-2014-4513 NUCLEI EPSS 0.03

Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MESSAGE, (2) EMAIL, or (3) NAME parameter.

CWE-79 Jul 01, 2014

CVE-2014-2512 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom 7.4.3, 7.4.4 before P19, and 7.4.4 SP1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 01, 2014

CVE-2014-2006 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jun 28, 2014

CVE-2013-6310 EPSS 0.00

Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jun 28, 2014

CVE-2014-3433 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue.

CWE-79 Jun 27, 2014

CVE-2014-3432 EPSS 0.01

Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field.

CWE-79 Jun 27, 2014

CVE-2014-4645 1 PoC Analysis EPSS 0.03

Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname.

CWE-79 Jun 25, 2014

CVE-2014-4349 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted table name that is improperly handled after a (1) hide or (2) unhide action.

CWE-79 Jun 25, 2014

CVE-2014-4348 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x before 4.2.4 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name that is improperly handled after presence in (a) the favorite list or (b) recent tables.

CWE-79 Jun 25, 2014

CVE-2014-4506 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Custom Meta module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer custom meta settings" permission to inject arbitrary web script or HTML via the (1) attribute or (2) content value for a meta tag.

CWE-79 Jun 20, 2014

CVE-2014-4505 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jun 20, 2014

CVE-2012-2591 1 PoC Analysis EPSS 0.06

Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email.

CWE-79 Jun 20, 2014

CVE-2012-2580 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, and possibly before 1.5.15, for WordPress allows remote attackers to inject arbitrary web script or HTML via the From field of an email.

CWE-79 Jun 20, 2014

CVE-2012-2579 1 PoC Analysis EPSS 0.02

Multiple cross-site scripting (XSS) vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) To, (2) From, (3) Date, or (4) Subject field of an email.

CWE-79 Jun 20, 2014

CVE-2014-4335 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) host or (2) password parameter to rtl/protected/admin/ddns/.

CWE-79 Jun 19, 2014

CVE-2012-2572 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email.

CWE-79 Jun 19, 2014

CVE-2012-2569 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email.

CWE-79 Jun 19, 2014

CVE-2012-1621 EPSS 0.07

Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.02 allow remote attackers to inject arbitrary web script or HTML via (1) a parameter array in freemarker templates, the (2) contentId or (3) mapKey parameter in a cms event request, which are not properly handled in an error message, or unspecified input in (4) an ajax request to the getServerError function in checkoutProcess.js or (5) a Webslinger component request. NOTE: some of these details are obtained from third party information.

CWE-79 Jun 19, 2014