Exploit Intelligence Platform

CVE-2013-1822 EPSS 0.00

Owncloud Server - XSS

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) quota parameter to /core/settings/ajax/setquota.php, or remote authenticated users with group admin privileges to inject arbitrary web script or HTML via the (2) group field to settings.php or (3) "share with" field.

CWE-79 Mar 14, 2014

CVE-2012-0891 EPSS 0.00

Puppet Dashboard <1.2.5, Enterprise <1.2.5, <2.0.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.

CWE-79 Mar 14, 2014

CVE-2014-2291 EPSS 0.00

Juniper Junos Pulse Secure Access Service <8.0 - XSS

Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Mar 14, 2014

CVE-2013-0307 EPSS 0.00

Owncloud < 4.0.11 - XSS

Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.

CWE-79 Mar 14, 2014

CVE-2013-0298 EPSS 0.00

Owncloud Server - XSS

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php.

CWE-79 Mar 14, 2014

CVE-2013-0297 EPSS 0.00

Owncloud Server < 4.0.11 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.

CWE-79 Mar 14, 2014

CVE-2014-2325 EPSS 0.00

Proxmox Mail Gateway <3.1-5829 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/index.htm or (2) User email address to quarantine/spam/manage.htm.

CWE-79 Mar 14, 2014

CVE-2014-2024 EPSS 0.00

Open Classifieds <2.1.3 - XSS

Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/.

CWE-79 Mar 14, 2014

CVE-2013-2671 EPSS 0.00

Brother MFC-9970CDW L - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val parameter to admin/admin_main.html; (3) id, (4) val, or (5) arbitrary parameter name (QUERY_STRING) to admin/profile_settings_net.html; or (6) kind or (7) arbitrary parameter name (QUERY_STRING) to fax/general_setup.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2670.

CWE-79 Mar 14, 2014

CVE-2013-2670 EPSS 0.01

Brother MFC-9970CDW - XSS

Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671.

CWE-79 Mar 14, 2014

CVE-2013-2507 EPSS 0.00

Brother MFC-9970CDW G - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/log_to_net.html or (2) kind parameter to fax/copy_settings.html, a different vulnerability than CVE-2013-2670 and CVE-2013-2671.

CWE-79 Mar 14, 2014

CVE-2013-1759 EPSS 0.00

Opensource Technologies Responsive Logo Slideshow - XSS

Cross-site scripting (XSS) vulnerability in the Responsive Logo Slideshow plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the "URL and Image" field.

CWE-79 Mar 14, 2014

CVE-2013-1758 EPSS 0.00

Marekkis Watermark - XSS

Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information.

CWE-79 Mar 14, 2014

CVE-2014-1877 EPSS 0.00

Dokeos 2.1.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5) City field to main/auth/profile.php; (6) Subject field to main/social/groups.php; or (7) Message body field to main/messages/view_message.php.

CWE-79 Mar 13, 2014

CVE-2013-3728 1 PoC Analysis EPSS 0.01

Kasseler-cms < 2 - XSS

Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php.

CWE-79 Mar 13, 2014

CVE-2013-4649 EPSS 0.00

DotNetNuke <6.2.9, <7.1.1 - XSS

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.

CWE-79 Mar 12, 2014

CVE-2013-3943 EPSS 0.00

Dotnetnuke < 6.2.8 - XSS

Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.

CWE-79 Mar 12, 2014

CVE-2013-1636 1 PoC Analysis EPSS 0.10

Caseproof Prettylinks < 1.6.2 - XSS

Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter.

CWE-79 Mar 12, 2014

CVE-2013-4433 EPSS 0.00

PHP Xhprof < 0.9.3 - XSS

Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the run parameter.

CWE-79 Mar 11, 2014

CVE-2013-4190 EPSS 0.00

Plone < 4.1.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Mar 11, 2014

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps