Exploit Intelligence Platform

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,484 CVEs tracked; 53,337 with exploits; 4,748 exploited in wild; 1,551 CISA KEV; 3,947 Nuclei templates; 49,229 vendors; 42,825 researchers
42,625 results
CVE-2014-1826 EPSS 0.00
iThoughtsHD <4.19 - XSS
Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi Transfer feature is used, allows remote attackers to inject arbitrary web script or HTML via a crafted map name.
CWE-79 Mar 26, 2014
CVE-2014-0884 EPSS 0.00
IBM Lotus Protector For Mail Security - XSS
Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Mar 25, 2014
CVE-2014-2538 EPSS 0.00
rack-ssl <1.4.0 - XSS
Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the rack-ssl gem before 1.4.0 for Ruby allows remote attackers to inject arbitrary web script or HTML via a URI, which might not be properly handled by third-party adapters such as JRuby-Rack.
CWE-79 Mar 25, 2014
CVE-2014-2526 6.1 MEDIUM EPSS 0.01
BarracudaDrive <6.7 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7 allow remote attackers to inject arbitrary web script or HTML via the (1) sForumName or (2) sDescription parameter to Forum/manage/ForumManager.lsp; (3) sHint, (4) sWord, or (5) nId parameter to Forum/manage/hangman.lsp; (6) user parameter to rtl/protected/admin/wizard/setuser.lsp; (7) name or (8) email parameter to feedback.lsp; (9) lname or (10) url parameter to private/manage/PageManager.lsp; (11) cmd parameter to fs; (12) newname, (13) description, (14) firstname, (15) lastname, or (16) id parameter to rtl/protected/mail/manage/list.lsp; or (17) PATH_INFO to fs/.
CWE-79 Mar 25, 2014
CVE-2014-2016 1 PoC Analysis EPSS 0.01
OXID eShop <4.7.11, <4.8.4, <5.0.11, <5.1.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and earlier, 5.0.x before 5.0.11 and 5.1.x before 5.1.4 allow remote attackers to inject arbitrary web script or HTML via the searchtag parameter to the getTag function in (1) application/controllers/details.php or (2) application/controllers/tag.php.
CWE-79 Mar 25, 2014
CVE-2013-5951 EPSS 0.00
Extplorer - XSS
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_move.php, (4) functions.php, (5) header.php, or (6) upload.php in include/.
CWE-79 Mar 25, 2014
CVE-2012-6430 1 PoC Analysis EPSS 0.11
Opensolution Quick Cart - XSS
Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140.
CWE-79 Mar 24, 2014
CVE-2014-2589 EPSS 0.01
SonicWall NSA 2400 - XSS
Cross-site scripting (XSS) vulnerability in the Dashboard Backend service (stats/dashboard.jsp) in SonicWall Network Security Appliance (NSA) 2400 allows remote attackers to inject arbitrary web script or HTML via the sn parameter.
CWE-79 Mar 24, 2014
CVE-2014-2586 1 PoC Analysis EPSS 0.09
McAfee Cloud SSO - XSS
Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.
CWE-79 Mar 24, 2014
CVE-2014-2057 EPSS 0.00
ownCloud <6.0.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Mar 24, 2014
CVE-2014-2571 EPSS 0.00
Moodle <2.3.11-2.6.2 - XSS
Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question.
CWE-79 Mar 24, 2014
CVE-2013-7342 EPSS 0.00
Flowplayer HTML5 <5.4.1 - XSS
Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback parameter, a related issue to CVE-2013-7341.
CWE-79 Mar 24, 2014
CVE-2013-7343 EPSS 0.00
Flowplayer HTML5 5.4.3 - XSS
Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding within the callback parameter name. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7342.
CWE-79 Mar 24, 2014
CVE-2013-7341 EPSS 0.00
Flowplayer Flash <3.2.17 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
CWE-79 Mar 24, 2014
CVE-2013-6729 EPSS 0.00
IBM Quickfile - XSS
Cross-site scripting (XSS) vulnerability in IBM QuickFile 1.0.0.0 before iFix 4 and 1.1.0.1 before iFix 3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CWE-79 Mar 21, 2014
CVE-2011-3199 EPSS 0.00
Gplhost Domain Technologie Control < 0.32.11 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Domain Technologie Control (DTC) before 0.34.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message body of a support ticket or unspecified vectors to the (2) DNS and (3) MX form, as demonstrated by the "Domain root TXT record:" field.
CWE-79 Mar 21, 2014
CVE-2014-2280 EPSS 0.00
SeedDMS <4.3.4 - XSS
Cross-site scripting (XSS) vulnerability in the search feature in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CWE-79 Mar 20, 2014
CVE-2014-2219 EPSS 0.00
CMSimple Classic <3.54 - XSS
Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in CMSimple Classic 3.54 and earlier, possibly as downloaded before February 26, 2014, allows remote attackers to inject arbitrary web script or HTML via the d parameter.
CWE-79 Mar 20, 2014
CVE-2014-2077 EPSS 0.00
Open-Xchange (OX) AppSuite <7.4.1-rev10-7.4.2-rev8 - XSS
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or HTML via the subject of an email, involving 'the aria "tags" for screenreaders at the top bar'.
CWE-79 Mar 20, 2014
CVE-2014-1904 EPSS 0.02
Spring MVC <3.2.8, 4.0.0 - XSS
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action.
CWE-79 Mar 20, 2014