Exploit Intelligence Platform

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,497 CVEs tracked | 53,352 with exploits | 4,748 exploited in wild | 1,551 CISA KEV | 3,947 Nuclei templates | 49,202 vendors | 42,818 researchers
42,625 results
CVE-2013-7078 EPSS 0.00
Typo3 < 4.5.31 - XSS
Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.
CWE-79 Jan 19, 2014
CVE-2013-0244 EPSS 0.00
Drupal - XSS
Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified Javascript functions that are used to select DOM elements.
CWE-79 Jan 19, 2014
CVE-2013-7243 EPSS 0.00
GetSimple CMS <3.2.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Display name field to settings.php. NOTE: The Custom Permalink Structure and Email Address fields are already covered by CVE-2012-6621.
CWE-79 Jan 17, 2014
CVE-2012-6632 EPSS 0.00
Vessio Netbill - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Vessio NetBill 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) full name or (2) file title to accounts/admin/index.php or (3) comment parameter in the support page to accounts/index2.php.
CWE-79 Jan 16, 2014
CVE-2012-6630 EPSS 0.00
Rick Mead Media Library Categories - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Media Library Categories plugin 1.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) bulk parameter to media-library-categories/add.php or (2) q parameter to media-library-categories/view.php.
CWE-79 Jan 16, 2014
CVE-2012-6628 EPSS 0.00
Xyzscripts Newsletter Manager < 1.0.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter Manager plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) xyz_em_campName to admin/create_campaign.php or (2) admin/edit_campaign.php, (3) xyz_em_email parameter to admin/edit_email.php, (4) xyz_em_exportbatchSize parameter to import_export.php, or (5) pagination limit in the Newsletter Manager options.
CWE-79 Jan 16, 2014
CVE-2012-6627 EPSS 0.00
Xyzscripts Newsletter Manager < 1.0.2 - XSS
Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CWE-79 Jan 16, 2014
CVE-2012-6624 1 PoC Analysis EPSS 0.02
Mightymess Soundcloud IS Gold - XSS
Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php.
CWE-79 Jan 16, 2014
CVE-2012-6623 EPSS 0.00
Vasthtml Forumpress < 1.7.4 - XSS
Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php in the ForumPress WP Forum Server plugin before 1.7.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the groupid parameter in an addforum action to wp-admin/admin.php.
CWE-79 Jan 16, 2014
CVE-2012-6622 1 PoC Analysis EPSS 0.04
Vasthtml Forumpress < 1.7.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in fs-admin/fs-admin.php in the ForumPress WP Forum Server plugin before 1.7.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) groupid parameter in an editgroup action or (2) usergroup_id parameter in an edit_usergroup action.
CWE-79 Jan 16, 2014
CVE-2012-6621 EPSS 0.00
Get-simple Getsimple Cms < 3.2.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err parameter to admin/theme.php; (5) error parameter to admin/pages.php; or (6) success or (7) err parameter to admin/index.php.
CWE-79 Jan 16, 2014
CVE-2012-6620 1 Writeup EPSS 0.00
Horde Kronolith H4 < 3.0.16 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Jan 16, 2014
CVE-2013-6725 EPSS 0.00
IBM Websphere Application Server - XSS
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.
CWE-79 Jan 16, 2014
CVE-2013-6786 EPSS 0.00
Allegrosoft Rompager < 4.07 - XSS
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypassed, allows remote attackers to inject arbitrary web script or HTML by requesting a nonexistent URI in conjunction with a crafted HTTP Referer header that is not properly handled in a 404 page. NOTE: there is no CVE for a "URL redirection" issue that some sources list separately.
CWE-79 Jan 16, 2014
CVE-2014-1472 EPSS 0.00
Mcafee Vulnerability Manager < 7.5.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Jan 16, 2014
CVE-2013-6017 1 PoC Analysis EPSS 0.24
Atmail < 7.1.6 - XSS
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.
CWE-79 Jan 12, 2014
CVE-2014-0977 EPSS 0.01
Sixapart Movabletype - XSS
Cross-site scripting (XSS) vulnerability in the Rich Text Editor in Movable Type 5.0x, 5.1x before 5.161, 5.2.x before 5.2.9, and 6.0.x before 6.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Jan 10, 2014
CVE-2014-1407 EPSS 0.00
Conceptronic C54apm Firmware - XSS
Multiple cross-site scripting (XSS) vulnerabilities on the Conceptronic C54APM access point with runtime code 1.26 allow remote attackers to inject arbitrary web script or HTML via (1) the submit-url parameter in a Refresh action to goform/formWlSiteSurvey or (2) the wlan-url parameter to goform/formWlanSetup.
CWE-79 Jan 10, 2014
CVE-2014-0663 EPSS 0.01
Cisco Secure Access Control System - XSS
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCum03625.
CWE-79 Jan 10, 2014
CVE-2013-7289 EPSS 0.00
Andy's PHP Knowledgebase <0.95.8 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, (3) email, or (4) username parameter.
CWE-79 Jan 10, 2014