Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2011-2463 EPSS 0.01

Adobe Coldfusion - XSS

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving the cfform tag.

CWE-79 Dec 14, 2011

CVE-2011-4814 1 PoC Analysis EPSS 0.05

Dolibarr Erp/crm < 3.1.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 RC and probably earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) admin/boxes.php, (3) comm/clients.php, (4) commande/index.php; and the optioncss parameter to (5) admin/ihm.php and (6) user/home.php.

CWE-79 Dec 14, 2011

CVE-2011-4812 1 PoC Analysis EPSS 0.00

BST Bestshoppro - XSS

Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro allows remote attackers to inject arbitrary web script or HTML via the str parameter.

CWE-79 Dec 14, 2011

CVE-2011-4809 1 PoC Analysis EPSS 0.00

Joomlaextensions Com Hmcommunity < 1.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the HM Community (com_hmcommunity) component before 1.01 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) language[], (2) university[], (3) persent[], (4) company_name[], (5) designation[], (6) music[], (7) books[], (8) movies[], (9) games[], (10) syp[], (11) ft[], and (12) fa[] parameters in a save task for a profile to index.php. NOTE: some of these details are obtained from third party information.

CWE-79 Dec 14, 2011

CVE-2011-4806 1 PoC Analysis EPSS 0.00

Phpalbum < 0.4.1.16 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters.

CWE-79 Dec 14, 2011

CVE-2011-4805 EPSS 0.00

SAP Crystal Reports Server - XSS

Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP Crystal Report Server 2008 allows remote attackers to inject arbitrary web script or HTML via the service parameter.

CWE-79 Dec 14, 2011

CVE-2011-1992 EPSS 0.18

Microsoft Internet Explorer 8 - XSS

The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."

CWE-79 Dec 14, 2011

CVE-2011-4346 EPSS 0.00

Red Hat Network Satellite 5.4.1 - XSS

Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page.

CWE-79 Dec 10, 2011

CVE-2011-4709 1 PoC Analysis EPSS 0.08

Hotaru Search Plugin - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in the Search plugin 1.3 for Hotaru CMS allow remote attackers to inject arbitrary web script or HTML via the (1) SITE_NAME parameter to admin_index.php, or the (2) return and (3) search parameters to index.php. NOTE: some of these details are obtained from third party information.

CWE-79 Dec 08, 2011

CVE-2011-4708 EPSS 0.00

IBM Rational Asset Manager < 7.5.0.2 - XSS

Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager before 7.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 08, 2011

CVE-2011-4707 EPSS 0.00

SAP Netweaver - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan Interface in SAP Netweaver allow remote attackers to inject arbitrary web script or HTML via the (1) instname parameter to the VsiTestScan servlet and (2) name parameter to the VsiTestServlet servlet.

CWE-79 Dec 08, 2011

CVE-2011-4265 EPSS 0.00

phpWebSite <1.0.0 - XSS

Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 08, 2011

CVE-2011-4264 EPSS 0.00

Etomite <1.1 - XSS

Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 08, 2011

CVE-2011-4054 EPSS 0.01

CA SiteMinder <R6 SP6, R12 SP3 - XSS

Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder R6 SP6 before CR7 and R12 SP3 before CR8 allows remote attackers to inject arbitrary web script or HTML via the postpreservationdata parameter.

CWE-79 Dec 08, 2011

CVE-2011-4680 EPSS 0.00

Vtiger Crm < 5.1.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 07, 2011

CVE-2011-4263 EPSS 0.00

Schneider Electric PowerChute <8.5 - XSS

Cross-site scripting (XSS) vulnerability in Schneider Electric PowerChute Business Edition before 8.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 07, 2011

CVE-2011-4552 EPSS 0.00

Oneclickorgs One Click Orgs < 1.2.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs before 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the description field of (1) a new vote or (2) the eject member proposal feature.

CWE-79 Dec 06, 2011

CVE-2011-4670 2 PoCs Analysis EPSS 0.36

Vtiger Crm < 5.2.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters in an EditView action, (5) day, (6) month, (7) subtab, (8) view, and (9) viewOption parameters in the index action, and (10) start parameter in the ListView action to the Calendar module; (11) return_action and (12) return_module parameters in the EditView action, and (13) query parameter in an index action to the Campaigns module; (14) return_url and (15) workflow_id parameters in an editworkflow action to the com_vtiger_workflow module; (16) display_view parameter in an index action to the Dashboard module; (17) closingdate_end, (18) closingdate_start, (19) date_closed, (20) owner, (21) leadsource, (22) sales_stage, and (23) type parameters in a ListView action to the Potentials module; (24) folderid parameter in a SaveandRun action to the Reports module; (25) returnaction and (26) groupId parameters in a createnewgroup action, (27) mode and (28) parent parameters in a createrole action, (29) src_module in a ModuleManager action, (30) mode and (31) profile_id parameters in a profilePrivileges action, and (32) roleid parameter in a RoleDetailView to the Settings module; and (33) action parameter to the Home module and (34) module parameter to phprint.php.

CWE-79 Dec 02, 2011

CVE-2011-4035 EPSS 0.02

Schneider Electric Vijeo Historian <4.30 - XSS

Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo Historian 4.30 and earlier, CitectHistorian 4.30 and earlier, and CitectSCADAReports 4.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 02, 2011

CVE-2011-4544 4 PoCs Analysis EPSS 0.02

Prestashop < 1.4.0.6 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Prestashop before 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) address or (2) relativ_base_dir parameter to modules/mondialrelay/googlemap.php; the (3) relativ_base_dir, (4) Pays, (5) Ville, (6) CP, (7) Poids, (8) Action, or (9) num parameter to prestashop/modules/mondialrelay/googlemap.php; (10) the num_mode parameter to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php; (11) the Expedition parameter to modules/mondialrelay/kit_mondialrelay/SuiviExpedition_ajax.php; or the (12) folder or (13) name parameter to admin/ajaxfilemanager/ajax_save_text.php.

CWE-79 Dec 01, 2011

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps