Exploit Intelligence Platform

CVE-2013-5421 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.

CWE-79 Dec 22, 2013

CVE-2013-6196 EPSS 0.00

Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 21, 2013

CVE-2013-5406 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, leading to improper interaction with the Windows MHTML protocol handler.

CWE-79 Dec 21, 2013

CVE-2013-5405 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.

CWE-79 Dec 21, 2013

CVE-2013-4065 EPSS 0.00

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPR TCLE98ZKRP.

CWE-79 Dec 21, 2013

CVE-2013-4064 EPSS 0.00

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9ARMFA.

CWE-79 Dec 21, 2013

CVE-2013-4063 EPSS 0.00

Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an e-mail message, aka SPRs PTHN9AQMV7 and TCLE98ZKRP.

CWE-79 Dec 21, 2013

CVE-2013-4045 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 21, 2013

CVE-2013-7194 1 PoC Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.

CWE-79 Dec 21, 2013

CVE-2013-7191 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI for a ticket.

CWE-79 Dec 21, 2013

CVE-2013-7082 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in TYPO3 Flow (formerly FLOW3) 1.1.x before 1.1.1 and 2.0.x before 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message.

CWE-79 Dec 21, 2013

CVE-2013-7077 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 21, 2013

CVE-2013-7076 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 21, 2013

CVE-2013-7074 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.

CWE-79 Dec 21, 2013

CVE-2013-7002 EPSS 0.00

Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter.

CWE-79 Dec 21, 2013

CVE-2013-6162 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email.

CWE-79 Dec 21, 2013

CVE-2013-7188 EPSS 0.01

Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 20, 2013

CVE-2013-6178 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 19, 2013

CVE-2013-6837 EPSS 0.01

Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INTO to the default URI.

CWE-79 Dec 19, 2013

CVE-2013-5402 EPSS 0.00

Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management, Maximo Asset Management Essentials, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities 7.1.x through 7.1.1.12, 7.1.2, 7.5 before 7.5.0.3 IFIX014, and 7.5.0.5 before IFIX003; SmartCloud Control Desk (SCCD) 7.5 before 7.5.0.3 IFIX014 and 7.5.0.5 before IFIX003; and Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.1.x through 7.1.1.12, 7.1.2, and 7.2.x through 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 18, 2013