Exploit Intelligence Platform

CVE-2014-3428 EPSS 0.00

Yealink Voip Phone Firmware - XSS

Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet.

CWE-79 Jun 16, 2014

CVE-2014-2002 EPSS 0.00

C-BOARD Moyuku <1.01b6 - XSS

Cross-site scripting (XSS) vulnerability in C-BOARD Moyuku 1.01b6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jun 14, 2014

CVE-2014-4161 EPSS 0.00

SAP SRM - XSS

Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers to inject arbitrary web script or HTML via the url parameter.

CWE-79 Jun 13, 2014

CVE-2014-4160 EPSS 0.00

SAP NetWeaver Business Client - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas node in SAP NetWeaver Business Client (NWBC) allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) sap-accessibility parameter.

CWE-79 Jun 13, 2014

CVE-2012-3522 EPSS 0.00

Qbnz Geshi < 1.0.8.10 - XSS

Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in GeSHi before 1.0.8.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jun 13, 2014

CVE-2014-4037 EPSS 0.00

FCKeditor <2.6.11 - XSS

Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitrary web script or HTML via an array key in the textinputs[] parameter, a different issue than CVE-2012-4000.

CWE-79 Jun 11, 2014

CVE-2014-4036 EPSS 0.00

ImpressCMS 1.3.6.1 - XSS

Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action.

CWE-79 Jun 11, 2014

CVE-2014-4035 1 PoC Analysis EPSS 0.03

Best Soft Inc. (BSI) Advance Hotel Booking System 2.0 - XSS

Cross-site scripting (XSS) vulnerability in booking_details.php in Best Soft Inc. (BSI) Advance Hotel Booking System 2.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter.

CWE-79 Jun 11, 2014

CVE-2014-4033 1 PoC Analysis EPSS 0.02

eFront 3.6.14.4 - XSS

Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.

CWE-79 Jun 11, 2014

CVE-2014-4032 EPSS 0.00

Fiyo CMS 1.5.7 - XSS

Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field.

CWE-79 Jun 11, 2014

CVE-2014-0533 EPSS 0.01

Adobe Flash Player < 13.0.0.214 - XSS

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0532.

CWE-79 Jun 11, 2014

CVE-2014-0532 EPSS 0.04

Adobe Air SDK < 13.0.0.111 - XSS

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0531 and CVE-2014-0533.

CWE-79 Jun 11, 2014

CVE-2014-0531 EPSS 0.01

Adobe Air < 13.0.0.111 - XSS

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on Windows and OS X and before 11.2.202.378 on Linux, Adobe AIR before 14.0.0.110, Adobe AIR SDK before 14.0.0.110, and Adobe AIR SDK & Compiler before 14.0.0.110 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2014-0532 and CVE-2014-0533.

CWE-79 Jun 11, 2014

CVE-2014-1823 EPSS 0.28

Microsoft Lync Server <2013 - XSS

Cross-site scripting (XSS) vulnerability in the Web Components Server in Microsoft Lync Server 2010 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing a valid meeting ID, aka "Lync Server Content Sanitization Vulnerability."

CWE-79 Jun 11, 2014

CVE-2014-4017 EPSS 0.00

WordPress Conversion Ninja - XSS

Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php.

CWE-79 Jun 10, 2014

CVE-2014-3289 EPSS 0.01

Cisco Ironport Asyncos < 8.0 - XSS

Cross-site scripting (XSS) vulnerability in the web management interface in Cisco AsyncOS on the Email Security Appliance (ESA) 8.0, Web Security Appliance (WSA) 8.0 (.5 Hot Patch 1) and earlier, and Content Security Management Appliance (SMA) 8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, as demonstrated by the date_range parameter to monitor/reports/overview on the IronPort ESA, aka Bug IDs CSCun07998, CSCun07844, and CSCun07888.

CWE-79 Jun 10, 2014

CVE-2013-3082 1 PoC Analysis EPSS 0.02

Jojo <1.2.2 - XSS

Cross-site scripting (XSS) vulnerability in plugins/jojo_core/forgot_password.php in Jojo before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter to forgot-password/.

CWE-79 Jun 09, 2014

CVE-2014-3966 EPSS 0.00

MediaWiki <1.19.16, <1.21.10, <1.22.7 - XSS

Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid username.

CWE-79 Jun 06, 2014

CVE-2013-2618 EXPLOITED RANSOMWARE 1 PoC Analysis EPSS 0.09

Network Weathermap <0.97b - XSS

Cross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.

CWE-79 Jun 05, 2014

CVE-2014-3974 1 PoC Analysis EPSS 0.05

AuraCMS <3.0 - XSS

Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter.

CWE-79 Jun 05, 2014

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps