Exploit Intelligence Platform

CVE-2012-5343 1 PoC Analysis EPSS 0.09

Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable.

CWE-79 Oct 09, 2012

CVE-2012-5341 1 PoC Analysis EPSS 0.03

Multiple cross-site scripting (XSS) vulnerabilities in statistik.php in Otterware StatIt 4 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter, (2) show parameter in a stat_tld action, or (3) order parameter in a stat_abfragen action.

CWE-79 Oct 09, 2012

CVE-2011-5209 1 PoC Analysis EPSS 0.08

Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter.

CWE-79 Oct 09, 2012

CVE-2012-5330 1 PoC Analysis EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to calc.php, (2) chat.php, (3) register.php, or (4) index.php in libs/smarty_ajax/; or the (5) page parameter to libs/smarty_ajax/index.php.

CWE-79 Oct 08, 2012

CVE-2012-5325 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in the scr_do_redirect function in scr.php in the Shortcode Redirect plugin 1.0.01 and earlier for WordPress allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (1) url or (2) sec attributes in a redirect tag.

CWE-79 Oct 08, 2012

CVE-2012-0846 EPSS 0.01

Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the Location variable.

CWE-79 Oct 08, 2012

CVE-2012-5322 2 PoCs Analysis EPSS 0.09

Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 allow remote attackers to inject arbitrary web script or HTML via the (1) pvcName parameter to webconfig/wan/confirm.html/confirm or (2) host_name_txtbox parameter to webconfig/lan/lan_config.html/local_lan_config.

CWE-79 Oct 08, 2012

CVE-2011-4928 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Oct 08, 2012

CVE-2012-5316 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam & Virus Firewall 600 Firmware 4.0.1.009 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) Troubleshooting in the Trace route Device module or (2) LDAP Username in the LDAP Configuration module.

CWE-79 Oct 08, 2012

CVE-2012-5315 1 PoC Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to (1) messages_viewer.php, (2) home.php, or (3) history.php.

CWE-79 Oct 08, 2012

CVE-2012-5314 EPSS 0.00

Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the f parameter.

CWE-79 Oct 08, 2012

CVE-2012-5307 EPSS 0.00

Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM Lotus Notes Traveler before 8.5.3.3 Interim Fix 1, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via the redirectURL parameter, a different vulnerability than CVE-2012-4824 and CVE-2012-4825.

CWE-79 Oct 08, 2012

CVE-2012-4825 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in servlet/traveler/ILNT.mobileconfig in IBM Lotus Notes Traveler before 8.5.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) userId or (2) address parameter in a getClientConfigFile action.

CWE-79 Oct 08, 2012

CVE-2010-5064 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Virtual War (aka VWar) 1.6.1 R2 allow remote attackers to inject arbitrary web script or HTML via (1) the Additional Information field to challenge.php, the (2) Additional Information or (3) Contact information field to joinus.php, (4) the War Report field to admin/admin.php in a finishwar action, or (5) the Nick field to profile.php.

CWE-79 Oct 08, 2012

CVE-2011-4910 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

CWE-79 Oct 07, 2012

CVE-2011-4909 1 PoC Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.5.12 allow remote attackers to inject arbitrary web script or HTML via the HTTP_REFERER header to (1) components/com_content/views/article/tmpl/form.php, (2) components/com_user/controller.php, (3) plugins/system/legacy/html.php, or (4) templates/beez/html/com_content/article/form.php.

CWE-79 Oct 07, 2012

CVE-2010-5275 EPSS 0.00

Cross-site scripting (XSS) vulnerability in memcache_admin in the Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Oct 07, 2012

CVE-2012-5305 EPSS 0.00

Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC Software DirectAdmin 1.403 allows remote attackers to inject arbitrary web script or HTML via the domain parameter.

CWE-79 Oct 06, 2012

CVE-2012-1634 EPSS 0.00

Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in the Video Filter module 6.x-2.x and 7.x-2.x for Drupal allows remote attackers to inject arbitrary web script or HTML via the EMBEDLOOKUP parameter for Blip.tv links.

CWE-79 Oct 06, 2012

CVE-2012-1624 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek module 6.x-1.x before 6.x-1.40 for Drupal allow remote authenticated users to inject arbitrary web script or HTML when (1) creating or (2) editing page content.

CWE-79 Oct 06, 2012