Exploit Intelligence Platform

CVE-2011-5160 2 PoCs Analysis EPSS 0.00

Open-emr Openemr - XSS

Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 allows remote attackers to inject arbitrary web script or HTML via the site parameter.

CWE-79 Sep 09, 2012

CVE-2011-5159 EPSS 0.00

Geeklog < 1.7.1 - XSS

Cross-site scripting (XSS) vulnerability in admin/configuration.php in Geeklog before 1.7.1sr1 allows remote attackers to inject arbitrary web script or HTML via the sub_group parameter, a different vulnerability than CVE-2011-4942.

CWE-79 Sep 09, 2012

CVE-2011-4942 EPSS 0.00

Geeklog < 1.7.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in admin/configuration.php in Geeklog before 1.7.1sr1 allow remote attackers to inject arbitrary web script or HTML via the (1) subgroup or (2) conf_group parameters. NOTE: this vulnerability might require a user-assisted attack or a bypass of a CSRF protection mechanism.

CWE-79 Sep 09, 2012

CVE-2012-3255 EPSS 0.01

HP Business Availability Center <8.07 - XSS

Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 08, 2012

CVE-2012-4873 1 PoC Analysis EPSS 0.01

GNUBoard <4.34.21 - XSS

Cross-site scripting (XSS) vulnerability in the file_download function in GNUBoard before 4.34.21 allows remote attackers to inject arbitrary web script or HTML via the filename parameter.

CWE-79 Sep 06, 2012

CVE-2012-4872 EPSS 0.00

Kayako Fusion <4.40.985 - XSS

Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description.

CWE-79 Sep 06, 2012

CVE-2012-4871 1 PoC Analysis EPSS 0.06

LiteSpeed Web Server 4.1.11 - XSS

Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.

CWE-79 Sep 06, 2012

CVE-2012-1612 EPSS 0.00

Joomla! - XSS

Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 06, 2012

CVE-2012-1469 2 PoCs Analysis EPSS 0.33

PKP Open Journal Systems < 2.3.6 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) editor or (2) callback parameters to lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php in the iBrowser plugin, (3) authors[][url] parameter to index.php, or (4) Bio Statement or (5) Abstract of Submission fields to the stripUnsafeHtml function in lib/pkp/classes/core/String.inc.php.

CWE-79 Sep 06, 2012

CVE-2012-0822 EPSS 0.00

Joomla! <1.7.4 - XSS

Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0820.

CWE-79 Sep 06, 2012

CVE-2012-0820 EPSS 0.00

Joomla! <1.7.4 - XSS

Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0822.

CWE-79 Sep 06, 2012

CVE-2012-1110 3 PoCs Analysis EPSS 0.17

Etano <1.22 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter to join.php; (6) PATH_INFO, (7) st, (8) f17_city, (9) f17_country, (10) f17_state, (11) f17_zip, (12) f19, (13) wphoto, (14) search, or (15) v parameter to search.php; (16) PATH_INFO or (17) st parameter to photo_search.php; or (18) return parameter to photo_view.php.

CWE-79 Sep 06, 2012

CVE-2012-4870 1 PoC Analysis EPSS 0.11

FreePBX <2.9 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) context parameter to panel/index_amp.php or (2) panel/dhtml/index.php; (3) clid or (4) clidname parameters to panel/flash/mypage.php; (5) PATH_INFO to admin/views/freepbx_reload.php; or (6) login parameter to recordings/index.php.

CWE-79 Sep 06, 2012

CVE-2012-2741 1 PoC Analysis EPSS 0.11

phpList <2.10.18 - XSS

Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ in phpList before 2.10.18 allows remote attackers to inject arbitrary web script or HTML via the num parameter in a reconcileusers action.

CWE-79 Sep 06, 2012

CVE-2012-4397 EPSS 0.00

Owncloud < 4.0.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowfields.php or (2) part.choosecalendar.rowfields.shared.php in apps/calendar/templates/; or (3) unspecified vectors to apps/contacts/lib/vcard.php.

CWE-79 Sep 05, 2012

CVE-2012-4396 EPSS 0.01

Owncloud < 4.0.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) url or (3) title parameter to apps/bookmarks/ajax/editBookmark.php; (4) tag or (5) page parameter to apps/bookmarks/ajax/updateList.php; (6) identity to apps/user_openid/settings.php; (7) stack name in apps/gallery/lib/tiles.php; (8) root parameter to apps/gallery/templates/index.php; (9) calendar displayname in apps/calendar/templates/part.import.php; (10) calendar uri in apps/calendar/templates/part.choosecalendar.rowfields.php; (11) title, (12) location, or (13) description parameter in apps/calendar/lib/object.php; (14) certain vectors in core/js/multiselect.js; or (15) artist, (16) album, or (17) title comments parameter in apps/media/lib_scanner.php.

CWE-79 Sep 05, 2012

CVE-2012-4395 EPSS 0.00

Owncloud < 4.0.2 - XSS

Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter.

CWE-79 Sep 05, 2012

CVE-2012-4394 EPSS 0.00

Owncloud < 4.0.4 - XSS

Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.

CWE-79 Sep 05, 2012

CVE-2012-3551 1 PoC Analysis EPSS 0.04

Dell Crowbar < 1.4 - XSS

Cross-site scripting (XSS) vulnerability in crowbar_framework/app/views/support/index.html.haml in the Crowbar barclamp in Crowbar, possibly 1.4 and earlier, allows remote attackers to inject arbitrary web script or HTML via the file parameter to /utils.

CWE-79 Sep 05, 2012

CVE-2012-3531 EPSS 0.00

Typo3 < 4.5.19 - XSS

Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 05, 2012

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps