Exploit Intelligence Platform

CVE-2012-1653 EPSS 0.00

Collectivecolors Taxonomy View Integrator Module - XSS

Cross-site scripting (XSS) vulnerability in the Taxonomy Views Integrator (TVI) module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to "views pages."

CWE-79 Sep 19, 2012

CVE-2012-1652 EPSS 0.00

WIM Leers Hierarchical Select - XSS

Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text."

CWE-79 Sep 19, 2012

CVE-2012-1651 EPSS 0.00

Thinkleft Submenu Tree < 6.x-1.4 - XSS

Cross-site scripting (XSS) vulnerability in the Submenu Tree module before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 19, 2012

CVE-2012-2586 1 PoC Analysis EPSS 0.00

Mailtraq 2.17.3.3150 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with (1) a JavaScript alert function used in conjunction with the fromCharCode method or (2) a SCRIPT element; an e-mail message body with (3) a crafted SRC attribute of an IFRAME element, (4) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element, or (5) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an IMG element; or an e-mail message Date header with (6) a JavaScript alert function used in conjunction with the fromCharCode method, (7) a SCRIPT element, (8) a CSS expression property in the STYLE attribute of an arbitrary element, (9) a crafted SRC attribute of an IFRAME element, or (10) a data: URL in the CONTENT attribute of an HTTP-EQUIV="refresh" META element.

CWE-79 Sep 19, 2012

CVE-2012-2578 1 PoC Analysis EPSS 0.00

SmarterMail 9.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a JavaScript alert function used in conjunction with the fromCharCode method, (2) a SCRIPT element, (3) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element, or (4) an innerHTML attribute within an XML document.

CWE-79 Sep 19, 2012

CVE-2012-0272 EPSS 0.01

Novell GroupWise 8.0 - XSS

Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 allows remote attackers to inject arbitrary web script or HTML via the merge parameter.

CWE-79 Sep 19, 2012

CVE-2012-1660 EPSS 0.00

Nathan Haug Webform - XSS

Multiple cross-site scripting (XSS) vulnerabilities in components/select.inc in the Webform module 6.x-3.x before 6.x-3.17 and 7.x-3.x before 7.x-3.17 for Drupal, when the "Select (or other)" module is enabled, allow remote authenticated users with the create webform content permission to inject arbitrary web script or HTML via vectors related to (1) checkboxes or (2) radios.

CWE-79 Sep 18, 2012

CVE-2012-1659 EPSS 0.00

Ariel Barreiro Noderecommendation - XSS

Cross-site scripting (XSS) vulnerability in the Node Recommendation module 6.x-1.x before 6.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 18, 2012

CVE-2012-1658 EPSS 0.00

Fourkitchens ED Readmore - XSS

Cross-site scripting (XSS) vulnerability in the Read More Link module 6.x-3.x before 6.x-3.1 for Drupal allows remote authenticated users with the access administration pages permission to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 18, 2012

CVE-2012-1657 EPSS 0.00

Fourkitchens Block Class - XSS

Cross-site scripting (XSS) vulnerability in block_class.module in the Block Class module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the class name.

CWE-79 Sep 18, 2012

CVE-2012-1654 EPSS 0.00

Alex Barth Data - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the Data module 6.x-1.x before 6.x-1.0 and 7.x-1.x before 7.x-1.0-alpha3 for Drupal allow remote authenticated users with the administer data tables permission to inject arbitrary web script or HTML via the title parameter in (1) data.views.inc and (2) data_ui/data_ui.admin.inc.

CWE-79 Sep 18, 2012

CVE-2012-3031 EPSS 0.01

Siemens WinCC 7.0 SP3- - XSS

Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web script or HTML via a (1) GET parameter, (2) POST parameter, or (3) Referer HTTP header.

CWE-79 Sep 18, 2012

CVE-2012-2060 EPSS 0.00

Nijskens RAF Admintools - XSS

Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 17, 2012

CVE-2012-2059 EPSS 0.00

Steve Lockwood Ticketyboo News Ticker - XSS

Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 17, 2012

CVE-2012-1899 EPSS 0.00

Nikola Posa Webfoliocms - XSS

Multiple cross-site scripting (XSS) vulnerabilities in webfolio/admin/users/edit in Webfolio CMS 1.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name, (2) Last name or (3) Email (required) fields.

CWE-79 Sep 17, 2012

CVE-2012-4968 EPSS 0.00

SilverStripe <2.3.13 & <2.4.7 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe 2.3.x before 2.3.13 and 2.4.x before 2.4.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted string to the AbsoluteLinks, (2) BigSummary, (3) ContextSummary, (4) EscapeXML, (5) FirstParagraph, (6) FirstSentence, (7) Initial, (8) LimitCharacters, (9) LimitSentences, (10) LimitWordCount, (11) LimitWordCountXML, (12) Lower, (13) LowerCase, (14) NoHTML, (15) Summary, (16) Upper, (17) UpperCase, or (18) URL method in a template, different vectors than CVE-2012-0976.

CWE-79 Sep 17, 2012

CVE-2010-4823 EPSS 0.01

SilverStripe <2.3.10-2.4.4 - XSS

Cross-site scripting (XSS) vulnerability in the httpError method in sapphire/core/control/RequestHandler.php in SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4, when custom error handling is not used, allows remote attackers to inject arbitrary web script or HTML via "missing URL actions."

CWE-79 Sep 17, 2012

CVE-2012-2995 1 PoC Analysis EPSS 0.33

Trend Micro InterScan Messaging Security Suite 7.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allow remote attackers to inject arbitrary web script or HTML via (1) the wrsApprovedURL parameter to addRuleAttrWrsApproveUrl.imss or (2) the src parameter to initUpdSchPage.imss.

CWE-79 Sep 17, 2012

CVE-2012-2575 1 PoC Analysis EPSS 0.00

NetWin SurgeMail 6.0a4 - XSS

Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.

CWE-79 Sep 17, 2012

CVE-2012-4928 1 PoC Analysis EPSS 0.03

Oxwall 1.1.1 - XSS

Cross-site scripting (XSS) vulnerability in ow_updates/index.php in Oxwall 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the plugin parameter.

CWE-79 Sep 15, 2012

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps