CVE & Exploit Intelligence Database

CVE-2010-1504 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://downloads URI.

CWE-79 Apr 23, 2010

CVE-2010-1503 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to inject arbitrary web script or HTML via vectors related to a chrome://net-internals URI.

CWE-79 Apr 23, 2010

CVE-2010-1497 1 PoC Analysis EPSS 0.05

Cross-site scripting (XSS) vulnerability in download_proc.php in dl_stats before 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CWE-79 Apr 23, 2010

CVE-2009-4804 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters."

CWE-79 Apr 23, 2010

CVE-2010-1486 1 PoC Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in CactuShop before 6.155 allow remote attackers to inject arbitrary web script or HTML via the (1) billing address or (2) shipping address.

CWE-79 Apr 22, 2010

CVE-2009-4786 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/admin_config.php, (2) admin/admin_modules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submit_groups.php, (7) user_add_remove_links.php, and (8) user_settings.php.

CWE-79 Apr 21, 2010

CVE-2009-4782 1 PoC Analysis EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) forum, and (3) cat parameters to community/thread.php; (4) start and (5) cat parameters to community/forum.php; and (6) start parameter to blog/index.php.

CWE-79 Apr 21, 2010

CVE-2009-4780 1 PoC Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpMyFAQ before 2.5.5 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter in a sitemap action, (2) the search parameter in a search action, (3) the tagging_id parameter in a search action, (4) the highlight parameter in an artikel action, (5) the artlang parameter in an artikel action, (6) the letter parameter in a sitemap action, (7) the lang parameter in a show action, (8) the cat parameter in a show action, (9) the newslang parameter in a news action, (10) the artlang parameter in a send2friend action, (11) the cat parameter in a send2friend action, (12) the id parameter in a send2friend action, (13) the srclang parameter in a translate action, (14) the id parameter in a translate action, (15) the cat parameter in a translate action, (16) the cat parameter in an add action, or (17) the question parameter in an add action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Apr 21, 2010

CVE-2010-1489 EPSS 0.22

The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.

CWE-79 Apr 20, 2010

CVE-2010-0997 EPSS 0.00

Cross-site scripting (XSS) vulnerability in 107_plugins/content/content_manager.php in the Content Management plugin in e107 before 0.7.20, when the personal content manager is enabled, allows user-assisted remote authenticated users to inject arbitrary web script or HTML via the content_heading parameter.

CWE-79 Apr 20, 2010

CVE-2010-1164 EXPLOITED EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA 3.12 through 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) element or (2) defaultColor parameter to the Colour Picker page; the (3) formName parameter, (4) element parameter, or (5) full name field to the User Picker page; the (6) formName parameter, (7) element parameter, or (8) group name field to the Group Picker page; the (9) announcement_preview_banner_st parameter to unspecified components, related to the Announcement Banner Preview page; unspecified vectors involving the (10) groupnames.jsp, (11) indexbrowser.jsp, (12) classpath-debug.jsp, (13) viewdocument.jsp, or (14) cleancommentspam.jsp page; the (15) portletKey parameter to runportleterror.jsp; the (16) URI to issuelinksmall.jsp; the (17) afterURL parameter to screenshot-redirecter.jsp; or the (18) HTTP Referrer header to 500page.jsp, as exploited in the wild in April 2010.

CWE-79 Apr 20, 2010

CVE-2009-4767 1 PoC Analysis EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Plohni Shoutbox 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) input_name and (2) input_text parameters. NOTE: some of these details are obtained from third party information.

CWE-79 Apr 20, 2010

CVE-2010-1464 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst Shop-Script FREE allow remote attackers to inject arbitrary web script or HTML via the (1) currency_id_left, (2) currency_id_right, (3) darkcolor, (4) lightcolor, (5) middlecolor, and (6) w parameters.

CWE-79 Apr 16, 2010

CVE-2010-1427 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin in MODx Evolution before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to AjaxSearch.

CWE-79 Apr 15, 2010

CVE-2010-0432 3 PoCs Analysis EPSS 0.44

Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open For Business Project (aka OFBiz) 09.04 and earlier, as used in Opentaps, Neogia, and Entente Oya, allow remote attackers to inject arbitrary web script or HTML via (1) the productStoreId parameter to control/exportProductListing, (2) the partyId parameter to partymgr/control/viewprofile (aka partymgr/control/login), (3) the start parameter to myportal/control/showPortalPage, (4) an invalid URI beginning with /facility/control/ReceiveReturn (aka /crmsfa/control/ReceiveReturn or /cms/control/ReceiveReturn), (5) the contentId parameter (aka the entityName variable) to ecommerce/control/ViewBlogArticle, (6) the entityName parameter to webtools/control/FindGeneric, or the (7) subject or (8) content parameter to an unspecified component under ecommerce/control/contactus.

CWE-79 Apr 15, 2010

CVE-2010-0190 EPSS 0.01

Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Apr 14, 2010

CVE-2010-1371 EPSS 0.00

Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings ASP allows remote attackers to inject arbitrary web script or HTML via the address parameter.

CWE-79 Apr 13, 2010

CVE-2010-1367 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in admin/admin_login.php in Uiga Fan Club, as downloaded on 20100310, allow remote attackers to inject arbitrary web script or HTML via the (1) admin_name and (2) admin_password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Apr 13, 2010

CVE-2010-1362 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Own Term module 6.x-1.0 for Drupal allows remote authenticated users, with "create additional terms" privileges, to inject arbitrary web script or HTML via the term description field in a term listing page.

CWE-79 Apr 13, 2010

CVE-2010-1361 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in shop/USER_ARTIKEL_HANDLING_AUFRUF.php in PHPepperShop 2.5 allows remote attackers to inject arbitrary web script or HTML via the darstellen parameter.

CWE-79 Apr 13, 2010