CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,831 CVEs tracked | 53,332 with exploits | 4,739 exploited in wild | 1,545 CISA KEV | 3,939 Nuclei templates | 49,039 vendors | 42,720 researchers

42,509 results
CVE-2011-1158 EPSS 0.01
Mark Pilgrim Feedparser < 5.0.1 - XSS
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI.
CWE-79 Apr 11, 2011
CVE-2011-1157 EPSS 0.01
Mark Pilgrim Feedparser < 5.0.1 - XSS
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments.
CWE-79 Apr 11, 2011
CVE-2009-5065 1 PoC Analysis EPSS 0.07
Mark Pilgrim Feedparser < 4.1 - XSS
Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.
CWE-79 Apr 11, 2011
CVE-2011-1671 1 PoC Analysis EPSS 0.08
Tracks <2.0 - XSS
Cross-site scripting (XSS) vulnerability in app/controllers/todos_controller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. NOTE: some of these details are obtained from third party information.
CWE-79 Apr 10, 2011
CVE-2011-1670 2 PoCs Analysis EPSS 0.09
InTerra Blog Machine <1.84 - XSS
Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra Blog Machine 1.84, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the subject parameter to post_url/edit.
CWE-79 Apr 10, 2011
CVE-2011-1668 1 PoC Analysis EPSS 0.04
AR Web Content Manager <2.3 - XSS
Cross-site scripting (XSS) vulnerability in search.php in AR Web Content Manager (AWCM) 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CWE-79 Apr 10, 2011
CVE-2011-1662 EPSS 0.00
Drupal 6.x - XSS
Cross-site scripting (XSS) vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Apr 10, 2011
CVE-2011-1660 EPSS 0.00
GrapeCity Data Dynamics Reports <1.6.2084.14 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the DataDynamics.Reports.Web class library in GrapeCity Data Dynamics Reports before 1.6.2084.14 allow remote attackers to inject arbitrary web script or HTML via (1) the reportName or (2) uniqueId parameter to CoreViewerInit.js, or the (3) uniqueId or (4) traceLevel parameter to CoreController.js, as reachable by CoreHandler.ashx.
CWE-79 Apr 10, 2011
CVE-2011-0462 EPSS 0.00
Novell Opensuse Build Service < 2.1.5.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the webui component in SUSE openSUSE Build Service (OBS) before 2.1.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Apr 10, 2011
CVE-2010-4783 1 PoC Analysis EPSS 0.04
PHP Web Scripts Easy Banner Free 2009.05.18 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in PHP Web Scripts Easy Banner Free 2009.05.18, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) siteurl and (2) urlbanner parameters.
CWE-79 Apr 07, 2011
CVE-2010-4779 EPSS 0.00
WPtouch <1.9.20 - XSS
Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php in the WPtouch plugin 1.9.19.4 and 1.9.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wptouch_settings parameter to include/adsense-new.php. NOTE: some of these details are obtained from third party information.
CWE-79 Apr 07, 2011
CVE-2011-1558 EPSS 0.00
IBM Web Interface for Content Management <1.0.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web Interface for Content Management (aka WEBi) 1.0.4 before FP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-1242.
CWE-79 Apr 05, 2011
CVE-2011-0893 EPSS 0.01
HP Operations - XSS
Cross-site scripting (XSS) vulnerability in HP Operations 9.10 on UNIX platforms allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Apr 04, 2011
CVE-2010-4778 EPSS 0.00
Horde IMP <4.3.8 - Horde Groupware Webmail Edition <1.2.7 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka fmusername), (2) password (aka fmpassword), or (3) server (aka fmserver) field in a fetchmail_prefs_save action, related to the Fetchmail configuration, a different issue than CVE-2010-3695. NOTE: some of these details are obtained from third party information.
CWE-79 Apr 04, 2011
CVE-2010-3693 EPSS 0.01
Horde Groupware < 1.2.6 - XSS
Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) before 1.1.5, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via vectors related to displaying mailbox names.
CWE-79 Apr 04, 2011
CVE-2010-3447 EPSS 0.01
Horde Gollem <1.1.2 - XSS
Cross-site scripting (XSS) vulnerability in view.php in the file viewer in Horde Gollem before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the file parameter in a view_file action.
CWE-79 Apr 04, 2011
CVE-2010-3695 1 PoC Analysis EPSS 0.01
Horde Imp < 4.3.7 - XSS
Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in Horde IMP before 4.3.8, and Horde Groupware Webmail Edition before 1.2.7, allows remote attackers to inject arbitrary web script or HTML via the fm_id parameter in a fetchmail_prefs_save action, related to the Fetchmail configuration.
CWE-79 Mar 31, 2011
CVE-2011-0892 EPSS 0.01
HP Diagnostics - XSS
Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and 8.0x before 8.05.54.225 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CWE-79 Mar 29, 2011
CVE-2011-0728 EPSS 0.00
Michael Hudson-doyle Loggerhead < 1.18 - XSS
Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view.
CWE-79 Mar 29, 2011
CVE-2011-1524 1 PoC Analysis EPSS 0.21
Symantec LiveUpdate Administrator <2.3 - XSS
Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.
CWE-79 Mar 28, 2011