CVE & Exploit Intelligence Database

Updated 1h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,716 CVEs tracked 53,323 with exploits 4,733 exploited in wild 1,543 CISA KEV 3,939 Nuclei templates 49,017 vendors 42,676 researchers

42,501 results Clear all

CVE-2010-2858 1 PoC Analysis EPSS 0.04

SimpNews <2.47.03 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in news.php in SimpNews 2.47.03 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) layout and (2) sortorder parameters.

CWE-79 Jul 25, 2010

CVE-2010-2856 1 PoC Analysis EPSS 0.01

osCSS <1.2.2 - XSS

Cross-site scripting (XSS) vulnerability in admin/currencies.php in osCSS 1.2.2, and probably earlier versions, allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CWE-79 Jul 25, 2010

CVE-2010-2854 EPSS 0.00

Event Horizon EVH 1.1.10 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in Event Horizon (EVH) 1.1.10, when magic_quotes_gpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) YourEmail and (2) VerificationNumber parameters, which are not properly handled in a forced SQL error message. NOTE: some of these details are obtained from third party information.

CWE-79 Jul 25, 2010

CVE-2010-2852 EPSS 0.00

RunCms 2.1 - XSS

Cross-site scripting (XSS) vulnerability in modules/headlines/magpierss/scripts/magpie_debug.php in RunCms 2.1, when the Headlines module is enabled, allows remote attackers to inject arbitrary web script or HTML via the url parameter.

CWE-79 Jul 25, 2010

CVE-2010-2849 EPSS 0.01

nubuilder <10.07.12 - XSS

Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php in nuBuilder 10.04.20, and possibly other versions before 10.07.12, allows remote attackers to inject arbitrary web script or HTML via the f parameter.

CWE-79 Jul 25, 2010

CVE-2010-2846 1 PoC Analysis EPSS 0.02

InterJoomla ArtForms 2.1b7.2 - XSS

Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms (com_artforms) component 2.1b7.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the afmsg parameter to index.php.

CWE-79 Jul 25, 2010

CVE-2010-2844 1 PoC Analysis EPSS 0.02

Newanz NewsOffice <2.0.18 - XSS

Cross-site scripting (XSS) vulnerability in news_show.php in Newanz NewsOffice 2.0.18 allows remote attackers to inject arbitrary web script or HTML via the n-cat parameter.

CWE-79 Jul 25, 2010

CVE-2009-4956 EPSS 0.00

Wapplersystems WS Stats < 0.1.1 - XSS

Cross-site scripting (XSS) vulnerability in the Visitor Tracking (ws_stats) extension before 0.1.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 22, 2010

CVE-2009-4953 EPSS 0.00

Stefan Geith SG Userdata < 0.90.300 - XSS

Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit (sg_userdata) extension before 0.91.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 22, 2010

CVE-2009-4948 EPSS 0.00

Joachim Ruhs Locator < 1.2.6 - XSS

Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 22, 2010

CVE-2010-1969 EPSS 0.01

HP Virtual Connect Enterprise Manager - XSS

Cross-site scripting (XSS) vulnerability in HP Virtual Connect Enterprise Manager for Windows before 6.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CWE-79 Jul 22, 2010

CVE-2009-4944 EPSS 0.00

Atutor Acollab - XSS

Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) address parameter to profile.php or the (2) description parameter to events/add_event.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Jul 22, 2010

CVE-2009-4941 EPSS 0.00

Atutor Acollab - XSS

Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ACollab 1.2 allows remote attackers to inject arbitrary web script or HTML via the f parameter.

CWE-79 Jul 22, 2010

CVE-2009-4939 2 PoCs Analysis EPSS 0.03

Impactsoftcompany Adpeeps - XSS

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action.

CWE-79 Jul 22, 2010

CVE-2009-4937 1 PoC Analysis EPSS 0.00

Spirate Small Pirate - XSS

Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag.

CWE-79 Jul 22, 2010

CVE-2010-2724 EPSS 0.00

Drupal Hierarchical Select <6.x-3.2 - XSS

Cross-site scripting (XSS) vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchical_select form.

CWE-79 Jul 13, 2010

CVE-2010-2723 EPSS 0.00

LISTSERV 15-16 - XSS

Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Jul 13, 2010

CVE-2010-2722 EPSS 0.00

RightInPoint Lyrics Script 3.0 - XSS

Cross-site scripting (XSS) vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to inject arbitrary web script or HTML via the artist_id parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Jul 13, 2010

CVE-2010-2718 EPSS 0.01

CruxSoftware CruxPA 2.00 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php, and unspecified vectors to (3) newtelephone.php and (4) newappointment.php.

CWE-79 Jul 13, 2010

CVE-2010-2717 EPSS 0.00

CruxCMS 3.0 - XSS

Cross-site scripting (XSS) vulnerability in manager/login.php in CruxSoftware CruxCMS 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the txtusername parameter.

CWE-79 Jul 13, 2010