Exploit Intelligence Platform

CVE-2013-2289 1 PoC Analysis EPSS 0.01

Batavi - XSS

Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php.

CWE-79 Mar 11, 2014

CVE-2013-6037 EPSS 0.01

Aker Secure Mail Gateway < 2.5.2 - XSS

Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter.

CWE-79 Mar 11, 2014

CVE-2013-6944 EPSS 0.00

Citrix Netscaler Application Delivery Controller Firmware - XSS

Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Mar 11, 2014

CVE-2014-2315 EPSS 0.00

Thank You Counter Button <1.8.7 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) thanks_caption, (2) thanks_caption_style, or (3) thanks_style parameter to wp-admin/options.php.

CWE-79 Mar 09, 2014

CVE-2014-1944 1 PoC Analysis EPSS 0.05

Ilch CMS <=2.0 - XSS

Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry.

CWE-79 Mar 09, 2014

CVE-2014-1599 EPSS 0.00

SFR Box router NB6-MAIN-R3.3.4 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box router with firmware NB6-MAIN-R3.3.4 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) dns, (2) dhcp, (3) nat, (4) route, or (5) lan in network/; or (6) wifi/config.

CWE-79 Mar 09, 2014

CVE-2013-6233 1 PoC Analysis EPSS 0.05

ENG Spagobi < 4.0 - XSS

Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field in the "Short document metadata."

CWE-79 Mar 09, 2014

CVE-2013-6232 1 PoC Analysis EPSS 0.01

ENG Spagobi < 4.0 - XSS

Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page.

CWE-79 Mar 09, 2014

CVE-2013-2270 EPSS 0.00

Airvana Hubbub C1-600-rt - XSS

Cross-site scripting (XSS) vulnerability in the administration page in Airvana HubBub C1-600-RT and Sprint AIRAVE 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Mar 09, 2014

CVE-2013-1890 EPSS 0.00

Owncloud < 5.0.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/.

CWE-79 Mar 09, 2014

CVE-2014-1906 1 PoC Analysis EPSS 0.01

VideoWhisper Live Streaming Integration <4.29.5 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) m parameter to lb_status.php; (2) msg parameter to vc_chatlog.php; n parameter to (3) channel.php, (4) htmlchat.php, (5) video.php, or (6) videotext.php; (7) message parameter to lb_logout.php; or ct parameter to (8) lb_status.php or (9) v_status.php in ls/.

CWE-79 Mar 06, 2014

CVE-2014-0335 EPSS 0.01

Serena Dimensions CM 12.2 build 7.199.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2) DB_NAME, (3) DM_HOST, (4) MAN_DB_NAME, (5) framecmd, (6) identifier, (7) merant.adm.adapters.AdmDialogPropertyMgr, (8) nav_frame, (9) nav_jsp, (10) target_frame, (11) id, or (12) type parameter to the dimensions/ URI.

CWE-79 Mar 06, 2014

CVE-2013-6314 EPSS 0.00

IBM Enterprise Records - XSS

Cross-site scripting (XSS) vulnerability in IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Mar 06, 2014

CVE-2014-2236 EPSS 0.00

Askbot <0.7.49 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) tag or (2) user search forms.

CWE-79 Mar 05, 2014

CVE-2014-2235 EPSS 0.00

Askbot <0.7.49 - XSS

Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 allows remote attackers to inject arbitrary web script or HTML via vectors related to the question search form.

CWE-79 Mar 05, 2014

CVE-2013-6333 EPSS 0.00

IBM Algo One - XSS

Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6301, and CVE-2013-6320.

CWE-79 Mar 05, 2014

CVE-2013-6320 EPSS 0.00

IBM Algo One - XSS

Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6301, and CVE-2013-6333.

CWE-79 Mar 05, 2014

CVE-2013-6318 EPSS 0.00

IBM Algo One - XSS

Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Mar 05, 2014

CVE-2013-6301 EPSS 0.00

IBM Algo One - XSS

Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6320, and CVE-2013-6333.

CWE-79 Mar 05, 2014

CVE-2013-6300 EPSS 0.00

IBM Algo One - XSS

Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6301, CVE-2013-6320, and CVE-2013-6333.

CWE-79 Mar 05, 2014

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps