Exploit Intelligence Platform

CVE-2013-2364 EPSS 0.00

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 22, 2013

CVE-2013-2361 EPSS 0.01

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 22, 2013

CVE-2013-1955 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 20, 2013

CVE-2013-1879 EPSS 0.05

Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message."

CWE-79 Jul 20, 2013

CVE-2012-3414 1 PoC Analysis EPSS 0.06

Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the movieName parameter, related to the "ExternalInterface.call" function.

CWE-79 Jul 19, 2013

CVE-2013-4779 EPSS 0.00

Cross-site scripting (XSS) vulnerability in core/handleTw.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 18, 2013

CVE-2013-4117 1 PoC Analysis NUCLEI EPSS 0.12

Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

CWE-79 Jul 16, 2013

CVE-2013-1087 EPSS 0.01

Cross-site scripting (XSS) vulnerability in the client in Novell GroupWise through 8.0.3 HP3, and 2012 through SP2, on Windows allows user-assisted remote attackers to inject arbitrary web script or HTML via the body of an e-mail message.

CWE-79 Jul 15, 2013

CVE-2013-3423 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCud75174.

CWE-79 Jul 12, 2013

CVE-2013-3422 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75165.

CWE-79 Jul 12, 2013

CVE-2013-3421 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Help index page in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75170.

CWE-79 Jul 12, 2013

CVE-2013-3419 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace Web Conferencing allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuh74981.

CWE-79 Jul 11, 2013

CVE-2013-3416 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the web framework in the unified-communications management implementation in Cisco Unified Operations Manager and Unified Service Monitor allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug IDs CSCuh47574 and CSCuh95997.

CWE-79 Jul 10, 2013

CVE-2013-1132 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Communications Domain Manager allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) IptAccountMgmt, (2) IptFeatureConfigTemplateMgmt, (3) IptFeatureDisplayPolicyMgmt, or (4) IptProviderMgmt page, aka Bug IDs CSCud69972, CSCud70193, and CSCud70261.

CWE-79 Jul 10, 2013

CVE-2013-3166 1 PoC Analysis EPSS 0.18

Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability," a different vulnerability than CVE-2013-0015.

CWE-79 Jul 10, 2013

CVE-2013-2205 EPSS 0.01

The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.

CWE-16 Jul 08, 2013

CVE-2013-2201 EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4) updates to plugins, (5) installation of themes, or (6) updates to themes.

CWE-79 Jul 08, 2013

CVE-2013-0237 1 Writeup EPSS 0.00

Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode plupload before 1.5.5, as used in WordPress before 3.5.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CWE-79 Jul 08, 2013

CVE-2013-0236 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) gallery shortcodes or (2) the content of a post.

CWE-79 Jul 08, 2013

CVE-2013-1614 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 08, 2013