Exploit Intelligence Platform

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,480 CVEs tracked | 53,336 with exploits | 4,748 exploited in wild | 1,551 CISA KEV | 3,947 Nuclei templates | 49,227 vendors | 42,821 researchers
42,625 results
CVE-2013-6299 EPSS 0.00
IBM Algo One - XSS
Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6300, CVE-2013-6301, CVE-2013-6320, and CVE-2013-6333.
CWE-79 Mar 05, 2014
CVE-2014-0846 EPSS 0.00
IBM Rational Doors Next Generation - XSS
Cross-site scripting (XSS) vulnerability in IBM Rational Requirements Composer 3.x before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next Generation 4.x before 4.0.6, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CWE-79 Mar 04, 2014
CVE-2014-2040 EPSS 0.00
Media File Renamer 1.7.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the (1) callback_multicheck, (2) callback_radio, and (3) callback_wysiwygin functions in mfrh_class.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated users with permissions to add media or edit media to inject arbitrary web script or HTML via unspecified parameters, as demonstrated by the title of an uploaded file.
CWE-79 Mar 03, 2014
CVE-2014-1840 EPSS 0.00
MyBB <1.6.12 - XSS
Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search action, which is not properly handled in a forced SQL error message.
CWE-79 Mar 03, 2014
CVE-2013-3487 EPSS 0.01
Ait-pro Bulletproof-security < .48.9 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified HTML header fields to (1) 400.php, (2) 403.php, or (3) 403.php.
CWE-79 Mar 03, 2014
CVE-2013-1409 1 PoC Analysis EPSS 0.03
Commentluv < 2.92.3 - XSS
Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php.
CWE-79 Mar 03, 2014
CVE-2014-2092 EPSS 0.00
CMS Made Simple 1.11.10 - XSS
Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action parameter, a different issue than CVE-2014-0334. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
CWE-79 Mar 02, 2014
CVE-2014-2091 1 PoC Analysis EPSS 0.01
ATutor 2.1.1 - XSS
Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
CWE-79 Mar 02, 2014
CVE-2014-2090 1 PoC Analysis EPSS 0.01
ILIAS 4.4.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter.
CWE-79 Mar 02, 2014
CVE-2014-0334 1 PoC Analysis EPSS 0.01
CMS Made Simple - XSS
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) the htmlblob parameter to admin/addhtmlblob.php, the (3) title or (4) url parameter to admin/addbookmark.php, (5) the stylesheet_name parameter to admin/copystylesheet.php, (6) the template_name parameter to admin/copytemplate.php, the (7) title or (8) url parameter to admin/editbookmark.php, (9) the template parameter to admin/listtemplates.php, or (10) the css_name parameter to admin/listcss.php, a different issue than CVE-2014-2092.
CWE-79 Mar 02, 2014
CVE-2014-2244 EPSS 0.00
MediaWiki <1.19.12, <1.20.x, <1.21.6, <1.22.3 - XSS
Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows remote attackers to inject arbitrary web script or HTML via a crafted string located after http:// in the text parameter to api.php.
CWE-79 Mar 02, 2014
CVE-2014-2242 EPSS 0.00
MediaWiki <1.19.12, 1.20.x, 1.21.x <1.21.6, 1.22.x <1.22.3 - XSS
includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element.
CWE-79 Mar 02, 2014
CVE-2014-2104 EPSS 0.00
Cisco Unified Communications Domain Manager 9.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCum78536, CSCum78526, CSCum69809, and CSCum63113.
CWE-79 Mar 02, 2014
CVE-2014-2080 EPSS 0.00
ModX Revolution <2.2.11 - XSS
Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in ModX Revolution before 2.2.11 allows remote attackers to inject arbitrary web script or HTML via the "a" parameter.
CWE-79 Mar 01, 2014
CVE-2014-2067 EPSS 0.00
Jenkins <1.551-1.532.2 - XSS
Cross-site scripting (XSS) vulnerability in java/hudson/model/Cause.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users to inject arbitrary web script or HTML via a "remote cause note."
CWE-79 Mar 01, 2014
CVE-2014-1888 EPSS 0.00
BuddyPress <1.9.2 - XSS
Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by leveraging CVE-2014-1889.
CWE-79 Mar 01, 2014
CVE-2014-1695 1 PoC Analysis EPSS 0.04
OTRS <3.1.20-3.3.5 - XSS
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email.
CWE-79 Mar 01, 2014
CVE-2014-1456 EPSS 0.00
Openwebanalytics Open Web Analytics < 1.5.5 - XSS
Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owa_user_id parameter to index.php.
CWE-79 Mar 01, 2014
CVE-2014-0874 EPSS 0.00
IBM Content Navigator - XSS
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified parameter.
CWE-79 Feb 28, 2014
CVE-2014-2231 EPSS 0.00
Synetics i-doit pro <1.2.5 - XSS
Cross-site scripting (XSS) vulnerability in the API in synetics i-doit pro before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via a property title.
CWE-79 Feb 27, 2014