Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2011-3857 EPSS 0.00

WordPress Antisnews <1.10 - XSS

Cross-site scripting (XSS) vulnerability in the Antisnews theme before 1.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

CWE-79 Sep 28, 2011

CVE-2011-3856 1 PoC Analysis EPSS 0.00

WordPress Elegant Grunge <1.0.4 - XSS

Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

CWE-79 Sep 28, 2011

CVE-2011-3855 1 PoC Analysis EPSS 0.00

WordPress F8 Lite <4.2.2 - XSS

Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

CWE-79 Sep 28, 2011

CVE-2011-3854 EPSS 0.00

ZenLite <4.4 - XSS

Cross-site scripting (XSS) vulnerability in the ZenLite theme before 4.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

CWE-79 Sep 28, 2011

CVE-2011-3853 EPSS 0.00

WordPress Hybrid <0.10 - XSS

Cross-site scripting (XSS) vulnerability in the Hybrid theme before 0.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.

CWE-79 Sep 28, 2011

CVE-2011-3852 1 PoC Analysis EPSS 0.00

WordPress EvoLve <1.2.6 - XSS

Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

CWE-79 Sep 28, 2011

CVE-2011-3851 EPSS 0.00

WordPress News <0.2 - XSS

Cross-site scripting (XSS) vulnerability in the News theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.

CWE-79 Sep 28, 2011

CVE-2011-3850 1 PoC Analysis EPSS 0.01

Atahualpa <3.6.8 - XSS

Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.

CWE-79 Sep 28, 2011

CVE-2011-3689 EPSS 0.00

Wibu-Systems CodeMeter WebAdmin <4.30 - XSS

Cross-site scripting (XSS) vulnerability in Licenses.html in Wibu-Systems CodeMeter WebAdmin 3.30 and 4.30 allows remote attackers to inject arbitrary web script or HTML via the BoxSerial parameter.

CWE-79 Sep 27, 2011

CVE-2011-3687 EPSS 0.00

Sonexis ConferenceManager 9.2.11.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Sonexis ConferenceManager 9.2.11.0 allow remote attackers to inject arbitrary web script or HTML via (1) the txtConferenceID parameter to HostLogin.asp, (2) the txtConferenceID parameter to ParticipantLogin.asp, (3) the acp parameter to ForgotPIN.asp, or the (4) Description, (5) title, or (6) Heading parameter to Error.asp.

CWE-79 Sep 27, 2011

CVE-2011-3686 EPSS 0.00

Sonexis ConferenceManager 9.2.11.0-9.3.14.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in myAddressBook.asp in Sonexis ConferenceManager 9.2.11.0 and 9.3.14.0 allow remote attackers to inject arbitrary web script or HTML via the (1) fname, (2) lname, (3) email_edit, (4) email, (5) email2, (6) email3, (7) sms, (8) sms_id, or (9) work parameter.

CWE-79 Sep 27, 2011

CVE-2011-3684 EPSS 0.00

Tembria Server Monitor <6.0.5 Build 2252 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server Monitor before 6.0.5 Build 2252 allow remote attackers to inject arbitrary web script or HTML via (1) the siteid parameter to logbook.asp, (2) the siteid parameter to monitor-events.asp, (3) the siteid parameter to reports-config-by-device.asp, (4) the siteid parameter to reports-config-by-monitor.asp, (5) the siteid parameter to reports-monitoring-queue.asp, (6) the action parameter to site-list.asp, the (7) siteid or (8) type parameter to event-history.asp, the (9) siteid or (10) type parameter to admin-history.asp, the (11) siteid or (12) id parameter to dashboard-view.asp, the (13) siteid or (14) dn parameter to device-events.asp, the (15) siteid or (16) submit parameter to device-finder.asp, the (17) siteid or (18) dn parameter to device-monitors.asp, the (19) siteid or (20) type parameter to device-views.asp, the (21) siteid or (22) type parameter to monitor-views.asp, the (23) siteid or (24) sel parameter to reports-list.asp, the (25) siteid, (26) action, or (27) sel parameter to monitor-list.asp, or the (28) siteid, (29) action, or (30) sel parameter to device-list.asp.

CWE-79 Sep 27, 2011

CVE-2010-4841 EPSS 0.00

ManageEngine EventLog Analyzer 6.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine EventLog Analyzer 6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HOST_ID, (2) OS, (3) GROUP, (4) exportFile, (5) load, (6) type, or (7) tab parameter to INDEX.do, the (8) reported parameter to INDEX2.do, the (9) gId parameter to hostlist.do, the (10) newWindow parameter to globalSettings.do, or the (11) STATUS parameter to enableHost.do. Fixed in Build 9000.

CWE-79 Sep 27, 2011

CVE-2010-4852 1 PoC Analysis EPSS 0.02

Eclime 1.1.2b - XSS

Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b allows remote attackers to inject arbitrary web script or HTML via the reason parameter in a fail action.

CWE-79 Sep 27, 2011

CVE-2010-4850 1 PoC Analysis EPSS 0.05

Diferior 8.03 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to admin/site/2.html, related to views/admin.php; or the (3) subcatname or (4) description parameter to admin/forum/create_sub.html, related to views/admin.php.

CWE-79 Sep 27, 2011

CVE-2010-4848 EPSS 0.00

AXScripts AxsLinks 0.3 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in addlink.php in AXScripts AxsLinks 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) url or (2) title parameter.

CWE-79 Sep 27, 2011

CVE-2011-2544 1 PoC Analysis EPSS 0.04

Cisco Telepresence System 1000 Mxp < f9.1 - XSS

Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488.

CWE-79 Sep 23, 2011

CVE-2011-2444 EXPLOITED EPSS 0.01

Adobe Flash Player < 10.3.183.7 - XSS

Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as exploited in the wild in September 2011.

CWE-79 Sep 22, 2011

CVE-2011-3578 EPSS 0.01

MantisBT <1.2.8 - XSS

Cross-site scripting (XSS) vulnerability in bug_actiongroup_ext_page.php in MantisBT before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter, related to bug_actiongroup_page.php, a different vulnerability than CVE-2011-3357.

CWE-79 Sep 21, 2011

CVE-2011-3358 EPSS 0.01

Mantisbt < 1.2.7 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before 1.2.8 allow remote attackers to inject arbitrary web script or HTML via the (1) os, (2) os_build, or (3) platform parameter to (a) bug_report_page.php or (b) bug_update_advanced_page.php, related to use of the Projax library.

CWE-79 Sep 21, 2011

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps