Exploit Intelligence Platform

Updated 5h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,490 CVEs tracked 53,352 with exploits 4,748 exploited in wild 1,551 CISA KEV 3,945 Nuclei templates 49,201 vendors 42,812 researchers

42,625 results Clear all

CVE-2013-5223 5.4 MEDIUM KEV 2 PoCs Analysis EPSS 0.35

D-Link DSL-2760U Gateway - XSS

Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.

CWE-79 Nov 19, 2013

CVE-2013-4519 EPSS 0.00

Review Board <1.6.21, <1.7.17 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file.

CWE-79 Nov 19, 2013

CVE-2013-0741 EPSS 0.00

Percipient Studios ImageGen <2.9.0 - XSS

Cross-site scripting (XSS) vulnerability in imagegen.ashx in Percipient Studios ImageGen before 2.9.0 for Umbraco CMS allows remote attackers to inject arbitrary web script or HTML via the font parameter.

CWE-79 Nov 19, 2013

CVE-2013-5418 EPSS 0.00

IBM WebSphere Application Server <7.0.0.31-8.5.5.1 - XSS

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CWE-79 Nov 18, 2013

CVE-2013-5417 EPSS 0.00

IBM WebSphere Application Server <7.0.0.31-8.5.5.1 - XSS

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via HTTP response data.

CWE-79 Nov 18, 2013

CVE-2013-5425 EPSS 0.00

IBM WebSphere Virtual Enterprise <7.0.0.4 - XSS

Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Virtual Enterprise 6.1 before 6.1.1.6 and 7.0 before 7.0.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CWE-79 Nov 18, 2013

CVE-2013-4842 EPSS 0.01

HP iLO4 <1.32 - XSS

Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Nov 18, 2013

CVE-2013-4556 EPSS 0.00

SPIP <3.0.12, <2.1.24 - XSS

Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter.

CWE-79 Nov 18, 2013

CVE-2013-4204 EPSS 0.00

Google Web Toolkit < 2.5.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Nov 18, 2013

CVE-2013-2031 EPSS 0.02

Gentoo Linux < 1.19.5 - XSS

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.

CWE-79 Nov 18, 2013

CVE-2013-6794 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Nov 14, 2013

CVE-2013-6793 1 PoC Analysis EPSS 0.08

Multiple cross-site scripting (XSS) vulnerabilities in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allow remote attackers to inject arbitrary web script or HTML via the (1) event name or (2) date field.

CWE-79 Nov 14, 2013

CVE-2013-6168 EPSS 0.00

Zikula Application Framework < 1.3.5 - XSS

Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php.

CWE-79 Nov 14, 2013

CVE-2013-6163 EPSS 0.01

Projeqtor < 3.4.4 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php.

CWE-79 Nov 14, 2013

CVE-2013-6780 EPSS 0.01

Yahoo Yui - XSS

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.

CWE-79 Nov 13, 2013

CVE-2013-5442 EPSS 0.00

IBM Security Network Protection - XSS

Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Nov 13, 2013

CVE-2013-5379 EPSS 0.00

IBM WebSphere Portal <7.0.0.2-8.0.0.1 - XSS

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x before 7.0.0.2 CF25 and 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging improper tagging functionality.

CWE-79 Nov 13, 2013

CVE-2013-5378 EPSS 0.00

IBM WebSphere Portal <8.0.0.1 CF8 - XSS

Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x before 8.0.0.1 CF8 allows remote authenticated users to inject arbitrary web script or HTML by leveraging incorrect IBM Connections integration.

CWE-79 Nov 13, 2013

CVE-2013-5326 EXPLOITED EPSS 0.00

Adobe ColdFusion <10 - XSS

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before Update 11, 9.0.2 before Update 6, and 10 before Update 12, when the CFIDE directory is available, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the logviewer directory.

CWE-79 Nov 13, 2013

CVE-2013-4716 EPSS 0.00

Tattyan HP TOWN <5.9.3 - XSS

Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.

CWE-79 Nov 08, 2013