CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

339,076 CVEs tracked | 53,339 with exploits | 4,745 exploited in wild | 1,546 CISA KEV | 3,941 Nuclei templates | 49,076 vendors | 42,752 researchers
42,546 results
CVE-2012-3389 EPSS 0.00
Moodle - XSS
Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter.
CWE-79 Jul 23, 2012
CVE-2009-5031 EPSS 0.01
Trustwave Modsecurity < 2.5.11 - XSS
ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header.
CWE-79 Jul 22, 2012
CVE-2012-2365 EPSS 0.00
Moodle <2.0.9-2.2.3 - XSS
Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.
CWE-79 Jul 21, 2012
CVE-2012-2364 EPSS 0.00
Moodle <2.0.9-2.2.3 - XSS
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action.
CWE-79 Jul 21, 2012
CVE-2012-2362 EPSS 0.00
Moodle <1.9.18 - XSS
Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php.
CWE-79 Jul 21, 2012
CVE-2012-2361 EPSS 0.00
Moodle <2.0.9-2.2.3 - XSS
Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php.
CWE-79 Jul 21, 2012
CVE-2012-2360 EPSS 0.00
Moodle <2.0.9-2.2.3 - XSS
Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title.
CWE-79 Jul 21, 2012
CVE-2012-2955 1 PoC Analysis EPSS 0.04
IBM Lotus Protector <2.8 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string.
CWE-79 Jul 20, 2012
CVE-2011-4591 EPSS 0.00
Moodle - XSS
Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states.
CWE-79 Jul 20, 2012
CVE-2012-1965 EPSS 0.01
Mozilla Firefox - XSS
Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL.
CWE-79 Jul 18, 2012
CVE-2012-1957 EPSS 0.01
Mozilla Firefox < 2.10 - XSS
An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed.
CWE-79 Jul 18, 2012
CVE-2012-2021 EPSS 0.01
HP Assetmanager - XSS
Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager 5.20, 5.21, 5.22, and 9.30 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Jul 16, 2012
CVE-2011-4290 EPSS 0.00
Moodle 1.9.x <1.9.12 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding.
CWE-79 Jul 16, 2012
CVE-2011-4286 EPSS 0.00
Moodle <2.0.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos.
CWE-79 Jul 16, 2012
CVE-2011-4282 EPSS 0.00
Moodle 2.0.x <2.0.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.
CWE-79 Jul 16, 2012
CVE-2011-4280 1 PoC Analysis EPSS 0.02
Spike PHPCoverage <2.0.2 - XSS
Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Jul 16, 2012
CVE-2011-4278 EPSS 0.00
Moodle <2.0.2 - XSS
Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Jul 16, 2012
CVE-2012-2278 EPSS 0.00
EMC Rsa Authentication Manager < 7.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Self-Service Console and (2) Security Console in EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID Appliance 3.0 before SP4 P14 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Jul 13, 2012
CVE-2012-0283 EPSS 0.01
DokuWiki <2012-01-25b - XSS
Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList function in inc/template.php in DokuWiki before 2012-01-25b allows remote attackers to inject arbitrary web script or HTML via the ns parameter in a medialist action to lib/exe/ajax.php.
CWE-79 Jul 13, 2012
CVE-2012-4000 1 PoC Analysis EPSS 0.03
Fckeditor < 2.6.7 - XSS
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.
CWE-79 Jul 12, 2012