CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,933 CVEs tracked; 53,338 with exploits; 4,743 exploited in wild; 1,546 CISA KEV; 3,941 Nuclei templates; 49,062 vendors; 42,736 researchers
42,532 results
CVE-2012-0477 EPSS 0.01
Mozilla Firefox <11 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) ISO-2022-KR or (2) ISO-2022-CN character set.
CWE-79 Apr 25, 2012
CVE-2012-0474 EPSS 0.01
Mozilla Firefox <11.0 - XSS
Cross-site scripting (XSS) vulnerability in the docshell implementation in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via vectors related to short-circuited page loads, aka "Universal XSS (UXSS)."
CWE-79 Apr 25, 2012
CVE-2012-0471 EPSS 0.01
Mozilla Firefox <12 - XSS
Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allows remote attackers to inject arbitrary web script or HTML via a multibyte character set.
CWE-79 Apr 25, 2012
CVE-2012-1575 EPSS 0.01
Trevor Mckay Cumin < r5237 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages.
CWE-79 Apr 22, 2012
CVE-2012-1113 EPSS 0.01
Gallery 2 <2.3.2, Gallery 3 <3.0.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the administration subsystem in Gallery 2 before 2.3.2 and 3 before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Apr 22, 2012
CVE-2012-0740 EPSS 0.00
IBM Tivoli Directory Server <6.2.0.22, <6.3.0.11 - XSS
Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 and 6.3 before 6.3.0.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Apr 22, 2012
CVE-2012-2234 1 PoC Analysis EPSS 0.03
Teampass < 2.1.5 - XSS
Cross-site scripting (XSS) vulnerability in sources/users.queries.php in TeamPass before 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the login parameter in an add_new_user action.
CWE-79 Apr 22, 2012
CVE-2012-2404 EPSS 0.02
WordPress <3.3.2 - XSS
wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
CWE-79 Apr 21, 2012
CVE-2012-2403 EPSS 0.03
WordPress <3.3.2 - XSS
wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
CWE-79 Apr 21, 2012
CVE-2012-2398 EPSS 0.00
ownCloud <3.0.3 - XSS
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulnerability than CVE-2012-2269.4.
CWE-79 Apr 20, 2012
CVE-2012-2269 EPSS 0.01
Owncloud < 3.0.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary field to apps/contacts/ajax/addcard.php, (2) the parameter parameter to apps/contacts/ajax/addproperty.php, (3) the name parameter to apps/contacts/ajax/createaddressbook, (4) the file parameter to files/download.php, or the (5) name, (6) user, or (7) redirect_url parameter to files/index.php.
CWE-79 Apr 20, 2012
CVE-2012-0253 EPSS 0.02
Demand Media Pluck SiteLife <5.0.13 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Demand Media Pluck SiteLife before 5.0.13 allow remote attackers to inject arbitrary web script or HTML via (1) the jsonRequest parameter to Direct/Process, the (2) r or (3) cb parameter to Direct/jsonp.htm, or (4) the cb parameter to sys/jsonp.app/.htm.
CWE-79 Apr 18, 2012
CVE-2012-1979 1 PoC Analysis EPSS 0.01
Syndeocms < 3.0.01 - XSS
Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action.
CWE-79 Apr 17, 2012
CVE-2012-1984 EPSS 0.00
Realnetworks Helix Server - XSS
Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Apr 17, 2012
CVE-2012-1240 EPSS 0.00
Recruit Dokodemo Rikunabi 2013 < 1.0.0 - XSS
Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo Rikunabi 2013 extension before 1.0.1 for Google Chrome allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Apr 16, 2012
CVE-2012-1807 EPSS 0.00
Koyo H0-ecom - XSS
Cross-site scripting (XSS) vulnerability in the web server in the ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and H4-ECOM100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Apr 13, 2012
CVE-2012-2156 1 PoC Analysis EPSS 0.02
Plume-cms Plume Cms < 1.2.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the u_email parameter (aka Authors Email field) to manager/users.php, (2) the u_realname parameter (aka Authors Name field) to manager/users.php, or (3) the c_author parameter (aka Author field) in an ADD A COMMENT section.
CWE-79 Apr 11, 2012
CVE-2012-1992 EPSS 0.00
Cmsmadesimple Cms Made Simple < 1.10.3 - XSS
Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template).
CWE-79 Apr 11, 2012
CVE-2012-1036 EPSS 0.00
DotNetNuke <5.6.4, <6.1.0 - XSS
Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message.
CWE-79 Apr 11, 2012
CVE-2012-1030 EPSS 0.00
DotNetNuke 6.x-6.0.2 - XSS
Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup.
CWE-79 Apr 11, 2012