CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,933 CVEs tracked; 53,338 with exploits; 4,743 exploited in wild; 1,546 CISA KEV; 3,941 Nuclei templates; 49,062 vendors; 42,736 researchers
42,532 results
CVE-2012-1068 EPSS 0.00
WP-RecentComments <2.0.7 - XSS
Cross-site scripting (XSS) vulnerability in the rc_ajax function in core.php in the WP-RecentComments plugin before 2.0.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter, related to AJAX paging.
CWE-79 Feb 14, 2012
CVE-2012-1066 EPSS 0.00
SmartyCMS 0.9.4 - XSS
Cross-site scripting (XSS) vulnerability in the template module in SmartyCMS 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the title bar.
CWE-79 Feb 14, 2012
CVE-2011-5080 EPSS 0.00
Juergen Furrer Jftcaforms - XSS
Cross-site scripting (XSS) vulnerability in lib/class.tx_jftcaforms_tceFunc.php in the Additional TCA Forms (jftcaforms) extension before 0.2.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Feb 14, 2012
CVE-2012-1062 EPSS 0.00
ManageEngine Applications Manager <10.x - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 9.x and 10.x allow remote attackers to inject arbitrary web script or HTML via the (1) period parameter to showHistoryData.do; (2) selectedNetwork, (3) network, or (4) group parameters to showresource.do; (5) header parameter to AlarmView.do; or (6) attName parameter to jsp/PopUp_Graph.jsp. NOTE: the Search.do/query vector is already covered by CVE-2008-1566, and the jsp/ThresholdActionConfiguration.jsp redirectto vector is already covered by CVE-2008-0474.
CWE-79 Feb 14, 2012
CVE-2012-1060 EPSS 0.00
Drupal Revisioning <6.x-3.14 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in revisioning_theme.inc in the Taxonomy module in the Revisioning module 6.x-3.13 and other versions before 6.x-3.14 for Drupal allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via the (1) tags or (2) term parameters.
CWE-79 Feb 14, 2012
CVE-2012-1059 1 PoC Analysis EPSS 0.08
OSCommerce Online Merchant 3.0.2 - XSS
Cross-site scripting (XSS) vulnerability in osCommerce/OM/Core/Site/Shop/Application/Cart/pages/main.php in OSCommerce Online Merchant 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the value_title parameter, as demonstrated using the "Front" field in the shirt module.
CWE-79 Feb 14, 2012
CVE-2012-0340 EPSS 0.00
Cisco IronPort Encryption <6.5.3 - XSS
Cross-site scripting (XSS) vulnerability in the management interface on the Cisco IronPort Encryption Appliance with software before 6.5.3 allows remote attackers to inject arbitrary web script or HTML via the header parameter to the default URI under admin/, aka bug ID 72410.
CWE-79 Feb 13, 2012
CVE-2012-1049 2 PoCs Analysis EPSS 0.06
ManageEngine ADManager Plus <5.2.5210 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do.
CWE-79 Feb 13, 2012
CVE-2012-1048 1 PoC Analysis EPSS 0.03
eFront Community++ <3.6.10 - XSS
Cross-site scripting (XSS) vulnerability in communityplusplus/www/administrator.php in eFront Community++ edition 3.6.10, and possibly other editions, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
CWE-79 Feb 12, 2012
CVE-2011-4341 1 PoC Analysis EPSS 0.02
Symphony CMS <2.2.4 - SQL Injection
Multiple SQL injection vulnerabilities in symphony/content/content.publish.php in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author permissions to execute arbitrary SQL commands via the filter parameter to (1) symphony/publish/comments or (2) symphony/publish/images. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks via error messages. NOTE: some of these details are obtained from third party information.
CWE-79 Feb 12, 2012
CVE-2011-4340 1 PoC Analysis EPSS 0.01
Symphony CMS <2.2.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/profiledevkit/content/content.profile.php, as demonstrated via requests to (a) the default URI, (b) about/, or (c) drafts/; or (2) the filter parameter in symphony/lib/core/class.symphony.php, as demonstrated via requests to (d) symphony/publish/comments or (e) symphony/publish/images. NOTE: some of these details are obtained from third party information.
CWE-79 Feb 12, 2012
CVE-2012-0834 1 PoC Analysis EPSS 0.06
phpLDAPadmin <1.2.2 - XSS
Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in phpLDAPadmin 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the base parameter in a query_engine action to cmd.php.
CWE-79 Feb 11, 2012
CVE-2012-1046 EPSS 0.00
IBM Cognos TM1 9.5.2 FP1 - XSS
Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 9.5.2 FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0696.
CWE-79 Feb 10, 2012
CVE-2011-4038 EPSS 0.02
Invensys Wonderware HMI Reports <3.42.835.0304 - XSS
Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in Ocean Data Systems Dream Report before 4.0 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
CWE-79 Feb 10, 2012
CVE-2012-1034 EPSS 0.00
EPiServer CMS <6R2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Feb 08, 2012
CVE-2012-1004 EPSS 0.00
Foswiki <1.1.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephone, (12) VoIP, (13) InstantMessagingIM, (14) Email, (15) HomePage, or (16) Comment parameter. NOTE: some of these details are obtained from third party information.
CWE-79 Feb 08, 2012
CVE-2012-1028 1 PoC Analysis EPSS 0.00
SimpleGroupware <0.743 - XSS
Cross-site scripting (XSS) vulnerability in bin/index.php in SimpleGroupware 0.742 and other versions before 0.743 allows remote attackers to inject arbitrary web script or HTML via the export parameter.
CWE-79 Feb 08, 2012
CVE-2012-1027 1 PoC Analysis EPSS 0.18
]project-open[ <3.5.0.2 - XSS
Cross-site scripting (XSS) vulnerability in account-closed.tcl in ]project-open[ (aka ]po[) 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the message parameter to register/account-closed.
CWE-79 Feb 08, 2012
CVE-2012-1021 1 PoC Analysis EPSS 0.04
4images 1.7.10 - XSS
Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action.
CWE-79 Feb 08, 2012
CVE-2012-1020 EPSS 0.00
NexorONE Online Banking - XSS
Multiple cross-site scripting (XSS) vulnerabilities in login.php in NexorONE Online Banking allow remote attackers to inject arbitrary web script or HTML via the (1) visitor_language parameter to register.php or (2) message parameter.
CWE-79 Feb 08, 2012