Exploit Intelligence Platform

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,175 CVEs tracked 53,341 with exploits 4,746 exploited in wild 1,546 CISA KEV 3,943 Nuclei templates 49,090 vendors 42,769 researchers

42,551 results Clear all

CVE-2012-3528 EPSS 0.01

Typo3 < 4.5.19 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 05, 2012

CVE-2012-2068 EPSS 0.00

Tiger-fish Fancy Slide < 6.x-2.6 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in fancy_slide.module in the Fancy Slide module before 6.x-2.7 for Drupal allow remote authenticated users with the administer fancy_slide permission to inject arbitrary web script or HTML via the (1) node_title or (2) nodequeue_title parameter.

CWE-79 Sep 05, 2012

CVE-2012-2066 EPSS 0.01

Fckeditor - XSS

Cross-site scripting (XSS) vulnerability in the FCKeditor module 6.x-2.x before 6.x-2.3 and the CKEditor module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.7 for Drupal allows remote authenticated users or remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 05, 2012

CVE-2012-2065 EPSS 0.00

Freso Languageicons - XSS

Cross-site scripting (XSS) vulnerability in the Language Icons module 6.x-2.x before 6.x-2.1 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with administer languages permissions to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 05, 2012

CVE-2012-2064 EPSS 0.00

Mark Theunissen Views Lang Switch < 7.x-1.1 - XSS

Cross-site scripting (XSS) vulnerability in theme/views_lang_switch.theme.inc in the Views Language Switcher module before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CWE-79 Sep 05, 2012

CVE-2012-1613 1 PoC Analysis EPSS 0.02

Coppermine-gallery Coppermine Photo Gallery < 1.5.18 - XSS

Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.

CWE-79 Sep 04, 2012

CVE-2012-1606 EPSS 0.00

Typo3 < 4.4.14 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 04, 2012

CVE-2012-4745 1 PoC Analysis EPSS 0.05

Acuity CMS 2.6.2 - XSS

Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.

CWE-79 Aug 31, 2012

CVE-2012-4744 EPSS 0.00

Zeroboard 0.5 - XSS

Cross-site scripting (XSS) vulnerability in ssearch.php in the Siche search module 0.5 for Zeroboard allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CWE-79 Aug 31, 2012

CVE-2012-4740 EPSS 0.00

PacketFence <3.3.0 - XSS

Cross-site scripting (XSS) vulnerability in the captive portal in PacketFence before 3.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Aug 31, 2012

CVE-2012-2117 EPSS 0.01

Yaniv Aran-shamir Gigya - XSS

Cross-site scripting (XSS) vulnerability in the Gigya - Social optimization module 6.x before 6.x-3.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Aug 31, 2012

CVE-2012-2083 EPSS 0.00

Fusion < 6.x-1.12 - XSS

Cross-site scripting (XSS) vulnerability in the fusion_core_preprocess_page function in fusion_core/template.php in the Fusion module before 6.x-1.13 for Drupal allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CWE-79 Aug 31, 2012

CVE-2011-4950 EPSS 0.01

Egroupware < 1.8.001.20110421 - XSS

Cross-site scripting (XSS) vulnerability in phpgwapi/js/jscalendar/test.php in EGroupware Enterprise Line (EPL) before 11.1.20110804-1 and EGroupware Community Edition before 1.8.001.20110805 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CWE-79 Aug 31, 2012

CVE-2011-5150 1 PoC Analysis EPSS 0.02

Spamtitan < 5.07 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Aug 31, 2012

CVE-2011-5149 1 PoC Analysis EPSS 0.04

Spamtitan < 5.08 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) testaddr or (2) testpass parameter to auth-settings.php; (3) hostname, (4) domainname, or (5) mailserver parameter to setup-relay.php; or (6) subnetmask or (7) defaultroute parameter to setup-network.php.

CWE-79 Aug 31, 2012

CVE-2011-5143 EPSS 0.00

OBM Open Business Management < 2.3.20 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.3.20 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_name, (2) tf_delegation, and (3) tf_ip parameters to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Aug 31, 2012

CVE-2011-5142 EPSS 0.00

OBM Open Business Management < 2.4.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Open Business Management (OBM) 2.4.0-rc13 and probably earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tf_delegation, (2) tf_ip, or (3) tf_name parameter in a search action to host/host_index.php; (4) login parameter to obm.php; or (5) tf_user parameter in a search action to group/group_index.php.

CWE-79 Aug 31, 2012

CVE-2011-5138 EPSS 0.00

Cross-site scripting (XSS) vulnerability in member.php in tForum b0.915 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a viewprofile action.

CWE-79 Aug 31, 2012

CVE-2012-4739 2 PoCs Analysis EPSS 0.06

Barracuda SSL VPN <2.2.2.203 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL VPN before 2.2.2.203 (2012-07-05) allow remote attackers to inject arbitrary web script or HTML via the (1) policyLaunching, (2) resourcePrefix, or (3) actionPath parameter in showUserResourceCategories.do; (4) list or (5) path parameter to fileSystem.do; or (6) return-To parameter to launchAgent.do.

CWE-79 Aug 31, 2012

CVE-2012-2872 EPSS 0.00

Google Chrome <21.0.1180.89 - XSS

Cross-site scripting (XSS) vulnerability in an SSL interstitial page in Google Chrome before 21.0.1180.89 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Aug 31, 2012