Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2011-4312 EPSS 0.01

Review Board <1.5.7, <1.6.3 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the commenting system in Review Board before 1.5.7 and 1.6.x before 1.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) diff viewer or (2) screenshot component.

CWE-79 Nov 24, 2011

CVE-2011-4332 EPSS 0.00

Joomla! <1.6.3 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Nov 23, 2011

CVE-2010-5054 EPSS 0.00

JAMWiki <0.8.4 - XSS

Cross-site scripting (XSS) vulnerability in Special:Login in JAMWiki before 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

CWE-79 Nov 23, 2011

CVE-2010-5052 1 PoC Analysis EPSS 0.00

GetSimple CMS 2.01 - XSS

Cross-site scripting (XSS) vulnerability in admin/components.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the val[] parameter.

CWE-79 Nov 23, 2011

CVE-2010-5051 1 PoC Analysis EPSS 0.00

RazorCMS 1.0 - XSS

Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php.

CWE-79 Nov 23, 2011

CVE-2010-5050 EPSS 0.00

ManageEngine ADManager Plus 4.4.0 - XSS

Cross-site scripting (XSS) vulnerability in jsp/admin/tools/remote_share.jsp in ManageEngine ADManager Plus 4.4.0 allows remote attackers to inject arbitrary web script or HTML via the computerName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Nov 23, 2011

CVE-2010-5048 1 PoC Analysis EPSS 0.04

JoomlaTune JComments <2.1.0.0 - XSS

Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php.

CWE-79 Nov 23, 2011

CVE-2010-5046 1 PoC Analysis EPSS 0.06

ecoCMS - XSS

Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows remote attackers to inject arbitrary web script or HTML via the p parameter.

CWE-79 Nov 23, 2011

CVE-2011-4465 EPSS 0.00

IBM Lotus Mobile Connect - XSS

Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL.

CWE-79 Nov 19, 2011

CVE-2011-2770 EPSS 0.00

Robert Luberda Man2html - XSS

Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html 1.6, and possibly other version, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error messages.

CWE-79 Nov 17, 2011

CVE-2011-4156 EPSS 0.02

HP Network Node Manager i <9.1x - XSS

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4155.

CWE-79 Nov 16, 2011

CVE-2011-4155 EPSS 0.02

HP Network Node Manager i <9.1x - XSS

Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4156.

CWE-79 Nov 16, 2011

CVE-2011-2771 EPSS 0.00

Mahara < 1.4.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) URI attributes and (2) the External Feed component, as demonstrated by the guid element in an RSS feed.

CWE-79 Nov 15, 2011

CVE-2011-4436 EPSS 0.01

Dell Kace K2000 Systems Deployment Appliance - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Nov 12, 2011

CVE-2011-3985 EPSS 0.00

Plume <1.2.3 - XSS

Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Nov 09, 2011

CVE-2011-3999 EPSS 0.00

Iwate Portal Bar - XSS

Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader implementation in Iwate Portal Bar allows remote attackers to inject arbitrary web script or HTML via a crafted feed.

CWE-79 Nov 09, 2011

CVE-2011-3998 EPSS 0.00

Apple WebObjects <5.2 - XSS

Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Nov 09, 2011

CVE-2011-3648 EPSS 0.00

Mozilla Firefox <3.6.24, 4.x-7.0 & Thunderbird <3.1.6, 5.0-7.0 - XSS

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 allows remote attackers to inject arbitrary web script or HTML via crafted text with Shift JIS encoding.

CWE-79 Nov 09, 2011

CVE-2011-4277 EPSS 0.01

CourseForum ProjectForum 7.0.1.3038 - XSS

Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum 7.0.1.3038 allows remote attackers to inject arbitrary web script or HTML via a crafted name of an object within a more object on a wiki page.

CWE-79 Nov 03, 2011

CVE-2011-3986 EPSS 0.00

Pligg <1.2.0 - XSS

Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Nov 03, 2011

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps