Exploit Intelligence Platform

CVE-2012-5455 EPSS 0.00

Joomla! <3.0.1 - XSS

Cross-site scripting (XSS) vulnerability in the language search component in Joomla! before 3.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "typographical error."

CWE-79 Oct 22, 2012

CVE-2012-5452 1 PoC Analysis EPSS 0.19

Subrion CMS 2.2.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) multi_title parameter to blocks/add/; (2) cost, (3) days, or (4) title[en] parameter to plans/add/; (5) name or (6) title[en] parameter to fields/group/add/ in admin/manage/; or (7) f[accounts][fullname] or (8) f[accounts][username] parameter to advsearch/. NOTE: This might overlap CVE-2011-5211. NOTE: it was later reported that the f[accounts][fullname] and f[accounts][username] vectors might also affect 2.2.2.

CWE-79 Oct 22, 2012

CVE-2012-5169 EPSS 0.00

ATutor AContent <1.2-2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in file_manager/preview_top.php in ATutor AContent before 1.2-2 allow remote attackers to inject arbitrary web script or HTML via the (1) pathext, (2) popup, (3) framed, or (4) file parameter.

CWE-79 Oct 22, 2012

CVE-2012-4989 1 PoC Analysis EPSS 0.03

OpenX <2.8.10 - XSS

Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in OpenX 2.8.10 before revision 81823 allows remote attackers to inject arbitrary web script or HTML via the parent parameter in an info action.

CWE-79 Oct 22, 2012

CVE-2012-4771 1 PoC Analysis EPSS 0.07

Subrion CMS <2.2.3 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/accounts/, (2) admin/manage/, or (3) admin/manage/blocks/edit/; or (4) group parameter to admin/configuration/. NOTE: The f[accounts][fullname] and f[accounts][username] vectors are covered in CVE-2012-5452.

CWE-79 Oct 22, 2012

CVE-2012-4231 1 PoC Analysis EPSS 0.03

Jcore < 1.0 - XSS

Cross-site scripting (XSS) vulnerability in admin/index.php in jCore before 1.0pre2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.

CWE-79 Oct 22, 2012

CVE-2011-5211 1 PoC Analysis EPSS 0.01

Intelliants Subrion Cms - XSS

Cross-site scripting (XSS) vulnerability in the poll module in Subrion CMS 2.0.4 allows remote attackers to inject arbitrary web script or HTML via the title field. NOTE: some of these details are obtained from third party information. NOTE: this might overlap CVE-2012-5452.

CWE-79 Oct 22, 2012

CVE-2010-4821 1 PoC Analysis EPSS 0.03

phpMyFAQ <2.6.9 - XSS

Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.

CWE-79 Oct 22, 2012

CVE-2012-4751 2 PoCs Analysis EPSS 0.08

OTRS Help Desk <2.4.15, <3.0.17, <3.1.11 - XSS

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element.

CWE-79 Oct 22, 2012

CVE-2012-5384 EPSS 0.00

WebCalendar - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen WebCalendar allow remote attackers to inject arbitrary web script or HTML via the (1) $name or (2) $description variables in edit_entry_handler.php, or (3) $url, (4) $tempfullname, or (5) $ext_users[] variables in view_entry.php, different vectors than CVE-2012-0846.

CWE-79 Oct 11, 2012

CVE-2012-3040 EPSS 0.01

Siemens SIMATIC S7-1200 <3.0.1 - XSS

Cross-site scripting (XSS) vulnerability in the web server on Siemens SIMATIC S7-1200 PLCs 2.x through 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.

CWE-79 Oct 10, 2012

CVE-2012-4184 EPSS 0.01

Mozilla Firefox < 10.0.8 - XSS

The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not prevent access to properties of a prototype for a standard class, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site.

CWE-79 Oct 10, 2012

CVE-2012-3994 EPSS 0.01

Mozilla Firefox < 10.0.8 - XSS

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property.

CWE-79 Oct 10, 2012

CVE-2012-3992 EPSS 0.01

Mozilla Firefox < 10.0.8 - XSS

Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage history data, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive POST content via vectors involving a location.hash write operation and history navigation that triggers the loading of a URL into the history object.

CWE-79 Oct 10, 2012

CVE-2012-3985 EPSS 0.01

Mozilla Firefox < 16.0 - XSS

Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before 2.13 do not properly implement the HTML5 Same Origin Policy, which allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging initial-origin access after document.domain has been set.

CWE-79 Oct 10, 2012

CVE-2012-4003 EPSS 0.00

Glpi < 0.83.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT GLPI before 0.83.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

CWE-79 Oct 09, 2012

CVE-2012-2552 EPSS 0.44

Microsoft SQL Server - XSS

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."

CWE-79 Oct 09, 2012

CVE-2012-2520 EXPLOITED EPSS 0.24

Microsoft InfoPath <2010 - XSS

Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."

CWE-79 Oct 09, 2012

CVE-2012-5349 1 PoC Analysis EPSS 0.05

Pay With Tweet <1.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the Pay With Tweet plugin before 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) title, or (3) dl parameter.

CWE-79 Oct 09, 2012

CVE-2012-5346 1 PoC Analysis EPSS 0.01

WordPress WP Live.php <1.2.1 - XSS

Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information.

CWE-79 Oct 09, 2012

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps