CVE & Exploit Intelligence Database

CVE-2010-2715 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter.

CWE-79 Jul 13, 2010

CVE-2010-2700 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in index.php in Edge PHP Clickbank Affiliate Marketplace Script (CBQuick) allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CWE-79 Jul 12, 2010

CVE-2010-2698 1 PoC Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community Software allow remote authenticated users to inject arbitrary web script or HTML via the title parameter when (1) editing a new blog, (2) adding an album, or (3) editing an album. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Jul 12, 2010

CVE-2010-2697 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in Sijio Community Software allows remote authenticated users to inject arbitrary web script or HTML via the title parameter when adding a new blog, related to edit_blog/index.php. NOTE: some of these details are obtained from third party information.

CWE-79 Jul 12, 2010

CVE-2010-2692 EPSS 0.00

Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt Design Script allows remote attackers to inject arbitrary web script or HTML via a review comment.

CWE-79 Jul 12, 2010

CVE-2009-4934 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.

CWE-79 Jul 12, 2010

CVE-2009-4930 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the twbkwbis.P_SecurityQuestion (aka Change Security Question) page in SunGard Banner Student System 7.4 allows remote attackers to inject arbitrary web script or HTML via the New Question field.

CWE-79 Jul 12, 2010

CVE-2009-4926 5 PoCs Analysis EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in Online Contact Manager (formerly EContact PRO) 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) showGroup parameter to (a) index.php and the (2) id parameter to (b) view.php, (c) email.php, (d) edit.php, and (e) delete.php.

CWE-79 Jul 12, 2010

CVE-2010-2675 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an articolo action.

CWE-79 Jul 08, 2010

CVE-2010-2671 EPSS 0.01

Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.

CWE-79 Jul 08, 2010

CVE-2010-2669 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter.

CWE-79 Jul 08, 2010

CVE-2010-2665 EPSS 0.01

Cross-site scripting (XSS) vulnerability in Opera before 10.54 on Windows and Mac OS X, and before 10.11 on UNIX platforms, allows remote attackers to inject arbitrary web script or HTML via a data: URI, related to incorrect detection of the "opening site."

CWE-79 Jul 08, 2010

CVE-2010-2654 1 PoC Analysis EPSS 0.03

Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.

CWE-79 Jul 08, 2010

CVE-2010-2479 EPSS 0.00

Cross-site scripting (XSS) vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 06, 2010

CVE-2010-1667 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 06, 2010

CVE-2010-1328 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore 1.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) tipo or (2) destino parameter to login_registrese.php3 in the Services section, (3) the rubro parameter to precios.php3 in the Products section, (4) the arti parameter to recomenda_articulo.php3 in the Products section, (5) the descrip parameter in a profile action to control/abm_det.php3 in the e-Commerce section, (6) the tit parameter in a delivery_courier action to control/abm_list.php3 in the e-Commerce section, or (7) the tit parameter in an usuario action to control/abm_det.php3 in the e-Commerce section.

CWE-79 Jul 06, 2010

CVE-2009-4924 EPSS 0.00

Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument to cjson.encode, which makes it easier for remote attackers to conduct certain cross-site scripting (XSS) attacks involving Firefox and the end tag of a SCRIPT element.

CWE-79 Jul 02, 2010

CVE-2010-2480 EPSS 0.00

Mako before 0.3.4 relies on the cgi.escape function in the Python standard library for cross-site scripting (XSS) protection, which makes it easier for remote attackers to conduct XSS attacks via vectors involving single-quote characters and a JavaScript onLoad event handler for a BODY element.

CWE-79 Jul 02, 2010

CVE-2010-2617 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter.

CWE-79 Jul 02, 2010

CVE-2010-2615 1 PoC Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page action.

CWE-79 Jul 02, 2010