Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2010-2988 EPSS 0.00

Cisco UWN <7.0.98.0 - XSS

Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtf35333.

CWE-79 Aug 10, 2010

CVE-2010-2987 EPSS 0.00

Cisco WCS <7.0.164 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless Control System (WCS) 7.x before 7.0.164, as used in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCtg33854.

CWE-79 Aug 10, 2010

CVE-2010-2986 EPSS 0.00

Cisco WCS <6.0.194.0-7.0.164 - XSS

Cross-site scripting (XSS) vulnerability in webacs/QuickSearchAction.do in the search feature in the web interface in Cisco Wireless Control System (WCS) before 6.0(194.0) and 7.x before 7.0.164 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, aka Bug ID CSCtf14288.

CWE-79 Aug 10, 2010

CVE-2010-2985 EPSS 0.00

IBM WebSphere Service Registry and Repository 6.3 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Service Registry and Repository (WSRR) 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the searchTerm parameter to ServiceRegistry/HelpSearch.do or (2) the queryItems[0].value parameter to ServiceRegistry/QueryWizardProcessStep1.do.

CWE-79 Aug 10, 2010

CVE-2010-2574 EPSS 0.00

Mantisbt - XSS

Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action.

CWE-79 Aug 10, 2010

CVE-2010-2796 EPSS 0.01

phpCAS <1.1.2 - XSS

Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when proxy mode is enabled, allows remote attackers to inject arbitrary web script or HTML via a callback URL.

CWE-79 Aug 05, 2010

CVE-2009-2696 EPSS 0.01

Apache Tomcat - XSS

Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter, related to "invalid HTML." NOTE: this is due to a missing fix for CVE-2009-0781.

CWE-79 Aug 05, 2010

CVE-2010-2790 EPSS 0.00

Zabbix <1.8.3rc1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the (1) filter_set, (2) show_details, (3) filter_rst, or (4) txt_select parameters to the triggers page (tr_status.php). NOTE: some of these details are obtained from third party information.

CWE-79 Aug 05, 2010

CVE-2010-2970 EPSS 0.01

MoinMoin 1.9.x <1.9.3 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/SlideShow.py, (2) action/anywikidraw.py, and (3) action/language_setup.py, a similar issue to CVE-2010-2487.

CWE-79 Aug 05, 2010

CVE-2010-2969 EPSS 0.01

MoinMoin <1.9.3 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) action/LikePages.py, (2) action/chart.py, and (3) action/userprofile.py, a similar issue to CVE-2010-2487.

CWE-79 Aug 05, 2010

CVE-2010-2487 EPSS 0.01

Moinmoin < 1.7.3 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 and earlier, 1.8.x before 1.8.8, and 1.9.x before 1.9.3 allow remote attackers to inject arbitrary web script or HTML via crafted content, related to (1) Page.py, (2) PageEditor.py, (3) PageGraphicalEditor.py, (4) action/CopyPage.py, (5) action/Load.py, (6) action/RenamePage.py, (7) action/backup.py, (8) action/login.py, (9) action/newaccount.py, and (10) action/recoverpass.py.

CWE-79 Aug 05, 2010

CVE-2010-2536 EPSS 0.00

Adjam Rekonq < 0.5.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) a URL associated with a nonexistent domain name, related to webpage.cpp, aka a "universal XSS" issue; (2) unspecified vectors related to webview.cpp; and the about: views for (3) favorites, (4) bookmarks, (5) closed tabs, and (6) history.

CWE-79 Aug 02, 2010

CVE-2009-4976 EPSS 0.00

URS Wolfer Kwebkitpart - XSS

Cross-site scripting (XSS) vulnerability in webkitpart.cpp in kwebkitpart allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536.

CWE-79 Aug 02, 2010

CVE-2009-4975 EPSS 0.00

Nokia Qtdemobrowser - XSS

Cross-site scripting (XSS) vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536.

CWE-79 Aug 02, 2010

CVE-2010-2917 1 PoC Analysis EPSS 0.06

AJ Square AJ Article 3.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information.

CWE-79 Jul 30, 2010

CVE-2010-2914 EPSS 0.00

Nessus <1.2.4 - XSS

Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for Nessus allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 30, 2010

CVE-2010-1778 EPSS 0.00

Apple Safari < 5.0 - XSS

Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via an RSS feed.

CWE-79 Jul 30, 2010

CVE-2010-2904 EPSS 0.01

SAP NetWeaver <7.02 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to testsdic and the (2) helpstring parameter to paramhelp.jsp.

CWE-79 Jul 28, 2010

CVE-2009-4972 EPSS 0.00

Kelvin MO Simpleid < 0.6.4 - XSS

Cross-site scripting (XSS) vulnerability in index.php (aka the log in page) in SimpleID before 0.6.5 allows remote attackers to inject arbitrary web script or HTML via the s parameter.

CWE-79 Jul 28, 2010

CVE-2009-4963 EPSS 0.00

Typo3 Commerce Extension < 0.9.8 - XSS

Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 28, 2010

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps