Exploit Intelligence Platform

CVE-2012-4667 EPSS 0.00

SquidClamav 5.x - XSS

Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x before 5.8 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) virus, (3) source, or (4) user parameter to (a) clwarn.cgi, (b) clwarn.cgi.de_DE, (c) clwarn.cgi.en_EN, (d) clwarn.cgi.fr_FR, (e) clwarn.cgi.pt_BR, or (f) clwarn.cgi.ru_RU in cgi-bin/.

CWE-79 Aug 25, 2012

CVE-2012-3508 1 PoC Analysis EPSS 0.10

Roundcube Webmail - XSS

Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in Roundcube Webmail 0.8.0 allows remote attackers to inject arbitrary web script or HTML by using "javascript:" in an href attribute in the body of an HTML-formatted email.

CWE-79 Aug 25, 2012

CVE-2012-3507 EPSS 0.00

Roundcube Webmail < 0.7.3 - XSS

Cross-site scripting (XSS) vulnerability in program/steps/mail/func.inc in RoundCube Webmail before 0.8.0, when using the Larry skin, allows remote attackers to inject arbitrary web script or HTML via the email message subject.

CWE-79 Aug 25, 2012

CVE-2012-2984 1 PoC Analysis EPSS 0.02

Websense Content Gateway <7.7.3 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in monitor/m_overview.ink in Websense Content Gateway before 7.7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) menu or (2) item parameter.

CWE-79 Aug 24, 2012

CVE-2011-5115 EPSS 0.00

Dlguard < 4.6 - XSS

Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the searchCart parameter to index.php.

CWE-79 Aug 23, 2012

CVE-2011-5114 EPSS 0.00

Barraguard Barracuda Link Balancer Series Firmware - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the Authoritative DNS - DNS Zones page in Barracuda Link Balancer 330 Firmware 1.3.2.005 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) zoneid or (2) scope parameter.

CWE-79 Aug 23, 2012

CVE-2011-5108 1 PoC Analysis EPSS 0.03

Adaptcms - XSS

Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS 2.0.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Aug 23, 2012

CVE-2011-5107 1 PoC Analysis NUCLEI EPSS 0.02

Wordpress Alert Before You Post < 0.1.1 - XSS

Cross-site scripting (XSS) vulnerability in post_alert.php in Alert Before Your Post plugin, possibly 0.1.1 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the name parameter.

CWE-79 Aug 23, 2012

CVE-2011-5106 1 PoC Analysis NUCLEI EPSS 0.02

Fractalia Flexible Custom Post Type - XSS

Cross-site scripting (XSS) vulnerability in edit-post.php in the Flexible Custom Post Type plugin before 0.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CWE-79 Aug 23, 2012

CVE-2011-5105 1 PoC Analysis EPSS 0.01

Zohocorp Manageengine Adselfservice Plus - XSS

Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in ZOHO ManageEngine ADSelfService Plus 4.5 Build 4521 allow remote attackers to inject arbitrary web script or HTML via the (1) searchType and (2) searchString parameters, a different vulnerability than CVE-2010-3274.

CWE-79 Aug 23, 2012

CVE-2011-5104 EPSS 0.00

Getshopped WP E-commerce < 3.8.7.1 - XSS

Cross-site scripting (XSS) vulnerability in wpsc-admin/display-sales-logs.php in WP e-Commerce plugin 3.8.7.1 and possibly earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the custom_text parameter. NOTE: some of these details are obtained from third party information.

CWE-79 Aug 23, 2012

CVE-2012-2582 1 PoC Analysis EPSS 0.03

OTRS Help Desk <2.4.13, OTRS ITSM <3.0.15 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element.

CWE-79 Aug 23, 2012

CVE-2012-2687 EPSS 0.08

Apache HTTP Server <2.4.3 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.

CWE-79 Aug 22, 2012

CVE-2012-4597 EPSS 0.00

McAfee EWS <5.6.3-7.0.1 - XSS

Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 through Patch 3, and McAfee Email Gateway (MEG) 7.0.0 and 7.0.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard.

CWE-79 Aug 22, 2012

CVE-2012-4590 EPSS 0.00

McAfee EMM <10.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 might allow remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Connection variable.

CWE-79 Aug 22, 2012

CVE-2012-4580 EPSS 0.00

McAfee EWS <5.5.6 & MEG <7.0.1 - XSS

Cross-site scripting (XSS) vulnerability in McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 before Patch 3, and McAfee Email Gateway (MEG) 7.0 before Patch 1, allows remote attackers to inject arbitrary web script or HTML via vectors related to the McAfee Security Appliance Management Console/Dashboard.

CWE-79 Aug 22, 2012

CVE-2012-4579 EPSS 0.00

phpMyAdmin 3.5.x <3.5.2.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.

CWE-79 Aug 21, 2012

CVE-2012-4345 EPSS 0.00

Phpmyadmin < 3.4.11.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.

CWE-79 Aug 21, 2012

CVE-2012-3302 EPSS 0.00

IBM Lotus Domino <8.5.4 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Domino 7.x and 8.x before 8.5.4 allow remote attackers to inject arbitrary web script or HTML via (1) a URL accessed during use of the Mail template in the WebMail UI or (2) a URL accessed during use of Domino Help through the Domino HTTP server.

CWE-79 Aug 21, 2012

CVE-2012-3293 EPSS 0.00

IBM WebSphere Application Server <8.5.0.1 - XSS

Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving FRAME elements, related to a cross-frame scripting (XFS) issue.

CWE-79 Aug 21, 2012

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps