Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2011-4511 EPSS 0.00

Siemens Wincc Flexible < v11 - XSS

Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4510.

CWE-79 Feb 03, 2012

CVE-2011-4510 EPSS 0.00

Siemens Wincc Flexible < v11 - XSS

Cross-site scripting (XSS) vulnerability in the HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and 2008 before SP3; WinCC V11 (aka TIA portal) before SP2 Update 1; the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flexible Runtime allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4511.

CWE-79 Feb 03, 2012

CVE-2012-0979 EPSS 0.00

TWiki - XSS

Cross-site scripting (XSS) vulnerability in TWiki allows remote attackers to inject arbitrary web script or HTML via the organization field in a profile, involving (1) registration or (2) editing of the user.

CWE-79 Feb 02, 2012

CVE-2012-0976 EPSS 0.00

SilverStripe 2.4.6 - XSS

Cross-site scripting (XSS) vulnerability in admin/EditForm in SilverStripe 2.4.6 allows remote authenticated users with Content Authors privileges to inject arbitrary web script or HTML via the Title parameter. NOTE: some of these details are obtained from third party information.

CWE-79 Feb 02, 2012

CVE-2012-0975 EPSS 0.00

Image Hosting Script DPI <1.3 - XSS

Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting Script DPI 1.0, 1.3, and earlier allows remote attackers to inject arbitrary web script or HTML via the showseries parameter.

CWE-79 Feb 02, 2012

CVE-2012-0446 EPSS 0.00

Mozilla Firefox <9.0 - Mozilla Firefox <9.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to inject arbitrary web script or HTML via a (1) web page or (2) Firefox extension, related to improper enforcement of XPConnect security restrictions for frame scripts that call untrusted objects.

CWE-79 Feb 01, 2012

CVE-2012-0782 1 PoC Analysis EPSS 0.01

WordPress <3.3.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dbhost, (2) dbname, or (3) uname parameter. NOTE: the vendor disputes the significance of this issue; also, it is unclear whether this specific XSS scenario has security relevance

CWE-79 Jan 30, 2012

CVE-2011-5073 1 PoC Analysis EPSS 0.00

Sitracker Support Incident Tracker < 3.64 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contact_support.php; (2) contractid parameter to contract_add_service.php; (3) user parameter to edit_backup_users.php; (4) id parameter to edit_escalation_path.php; the Referer to (5) forgotpwd.php, (6) an approvalpage action to billable_incidents.php, or (7) transactions.php; (8) action parameter to inbox.php; (9) search_string parameter in a findcontact action to incident_add.php; table1 parameter to (10) report_customers.php, (11) report_incidents_by_engineer.php, (12) report_incidents_by_site.php, or (13) report_marketing.php; or the (14) startdate or (15) enddate parameter to report_incidents_by_vendor.php.

CWE-79 Jan 29, 2012

CVE-2012-0936 EPSS 0.00

OpenNMS <1.8.17-1.10.1 - XSS

Cross-site scripting (XSS) vulnerability in web/springframework/security/SecurityAuthenticationEventOnmsEventBuilder.java in OpenNMS 1.8.x before 1.8.17, 1.9.93 and earlier, and 1.10.x before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via the Username field, related to login.

CWE-79 Jan 29, 2012

CVE-2012-0933 1 PoC Analysis EPSS 0.02

Acidcat CMS <3.5.6 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS 3.5.1, 3.5.2, 3.5.6, and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_colors.asp, (2) admin_config.asp, and (3) admin_cat_add.asp in admin/.

CWE-79 Jan 29, 2012

CVE-2012-0932 1 PoC Analysis EPSS 0.04

Lead Capture Page System - XSS

Cross-site scripting (XSS) vulnerability in admin/login.php in Lead Capture Page System allows remote attackers to inject arbitrary web script or HTML via the message parameter.

CWE-79 Jan 29, 2012

CVE-2011-5070 EPSS 0.01

Sitracker Support Incident Tracker - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) 3.65 allow remote attackers to inject arbitrary web script or HTML via (1) the file name to incident_attachments.php; (2) unspecified vectors in link_add.php, possibly involving origref, linkref, linktype parameters, which are not properly handled in the clean_int function in lib/base.inc.php, or the redirect parameter, which is not properly handled in the html_redirect function in lib/html.inc.php; and (3) unspecified vectors in translate.php.

CWE-79 Jan 29, 2012

CVE-2011-3830 EPSS 0.00

Support Incident Tracker 3.65 - XSS

Cross-site scripting (XSS) vulnerability in search.php in Support Incident Tracker (aka SiT!) 3.65 allows remote attackers to inject arbitrary web script or HTML via the search_string parameter.

CWE-79 Jan 29, 2012

CVE-2012-0930 6.1 MEDIUM EPSS 0.01

Schneider Electric Modicon Quantum PLC - XSS

Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon Quantum PLC allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jan 28, 2012

CVE-2012-0312 EPSS 0.00

osCommerce <R9-2.3.1 - XSS

Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9, and osCommerce Online Merchant before 2.3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jan 26, 2012

CVE-2012-0311 EPSS 0.00

osCommerce 2.2MS1J - XSS

Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before R9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jan 26, 2012

CVE-2011-1940 EPSS 0.00

phpMyAdmin <3.3.10.1-3.4.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.

CWE-79 Jan 26, 2012

CVE-2012-0919 EPSS 0.00

Hitachi IT Operations Director <3.00.06 - XSS

Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Director 02-50-01 through 02-50-07, 03-00 through 03-00-04, and possibly other versions before 03-00-06, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jan 24, 2012

CVE-2012-0917 EPSS 0.00

Hitachi IT Operations Analyzer - XSS

Cross-site scripting (XSS) vulnerability in Hitachi IT Operations Analyzer 02-01, 02-51 through 02-51-01, and 02-53 through 02-53-02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jan 24, 2012

CVE-2012-0914 EPSS 0.01

Drupal <6.x-3.10, <7.x-3.0 - XSS

Cross-site scripting (XSS) vulnerability in display_renderers/panels_renderer_editor.class.php in the admin view in the Panels module 6.x-2.x before 6.x-3.10 and 7.x-3.x before 7.x-3.0 for Drupal allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the Region title.

CWE-79 Jan 24, 2012

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps