Exploit Intelligence Platform

CVE-2013-4954 1 PoC Analysis EPSS 0.05

Genetech Solutions Pie-Register <1.31 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information.

CWE-79 Jul 29, 2013

CVE-2013-4951 1 PoC Analysis EPSS 0.01

Mintboard 0.3 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) name or (4) pass parameter in views/signup.php.

CWE-79 Jul 29, 2013

CVE-2013-4950 1 PoC Analysis EPSS 0.04

Machform 2 - XSS

Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.

CWE-79 Jul 29, 2013

CVE-2013-4946 1 PoC Analysis EPSS 0.01

BMC Service Desk Express 10.2.1.95 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx.

CWE-79 Jul 29, 2013

CVE-2013-4140 EPSS 0.00

Drupalisme Tinybox < 7.x-2.1 - XSS

Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 29, 2013

CVE-2013-4944 EPSS 0.00

BuddyPress Extended Friendship Request <1.0.2 - XSS

Cross-site scripting (XSS) vulnerability in the BuddyPress Extended Friendship Request plugin before 1.0.2 for WordPress, when the "Friend Connections" component is enabled, allows remote attackers to inject arbitrary web script or HTML via the friendship_request_message parameter to wp-admin/admin-ajax.php. NOTE: some of these details are obtained from third party information.

CWE-79 Jul 29, 2013

CVE-2013-3515 1 PoC Analysis EPSS 0.06

Openx < 2.8.10 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.

CWE-79 Jul 29, 2013

CVE-2013-2181 EPSS 0.00

Monkey - XSS

Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name.

CWE-79 Jul 29, 2013

CVE-2013-4942 EPSS 0.00

Yahoo! YUI 3.5.0-3.9.1 - XSS

Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

CWE-79 Jul 29, 2013

CVE-2013-4941 EPSS 0.00

Yahoo! YUI 3.2.0-3.9.1 - XSS

Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

CWE-79 Jul 29, 2013

CVE-2013-4940 EPSS 0.00

Yahoo! YUI 3.10.2 - XSS

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.

CWE-79 Jul 29, 2013

CVE-2013-4939 EPSS 0.00

Yahoo! YUI 3.0.0-3.9.1 - XSS

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.

CWE-79 Jul 29, 2013

CVE-2013-2244 EPSS 0.00

Moodle - XSS

Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the conditional access rule value of a user field.

CWE-79 Jul 29, 2013

CVE-2013-4802 EPSS 0.01

HP ALM Quality Center <11.51 - XSS

Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka ZDI-CAN-1565.

CWE-79 Jul 29, 2013

CVE-2013-3414 EPSS 0.01

Cisco Adaptive Security Appliance Software - XSS

Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080.

CWE-79 Jul 25, 2013

CVE-2013-3999 EPSS 0.00

IBM Social Media Analytics - XSS

Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 25, 2013

CVE-2013-3979 EPSS 0.00

IBM Star Command Center - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Web\Content\Help\ in the Web Client in IBM Cognos Command Center (aka Star Command Center or Star Analytics) before 10.1, when Internet Explorer is used, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 25, 2013

CVE-2013-3440 EPSS 0.00

Cisco Unified Operations Manager - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in Cisco Unified Operations Manager allow remote attackers to inject arbitrary web script or HTML, and obtain improperly secured cookies, via unspecified vectors, aka Bug ID CSCud80186.

CWE-79 Jul 23, 2013

CVE-2013-3439 EPSS 0.00

Cisco Unified Operations Manager - XSS

Cross-site scripting (XSS) vulnerability in Cisco Unified Operations Manager allows remote attackers to inject arbitrary web script or HTML via a crafted URL in an unspecified HTTP header field, aka Bug ID CSCud80182.

CWE-79 Jul 23, 2013

CVE-2013-4883 1 PoC Analysis EPSS 0.03

McAfee ePolicy Orchestrator <4.6.6 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.

CWE-79 Jul 22, 2013

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps