CVE & Exploit Intelligence Database

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,640 CVEs tracked 53,321 with exploits 4,733 exploited in wild 1,543 CISA KEV 3,938 Nuclei templates 49,006 vendors 42,664 researchers

42,493 results Clear all

CVE-2010-1195 EPSS 0.00

ikiwiki <2.53.5, <3.20100312 - XSS

Cross-site scripting (XSS) vulnerability in the htmlscrubber component in ikiwiki 2.x before 2.53.5 and 3.x before 3.20100312 allows remote attackers to inject arbitrary web script or HTML via a crafted data:image/svg+xml URI.

CWE-79 Mar 31, 2010

CVE-2010-0449 EPSS 0.01

HP Soa Registry Foundation - XSS

Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation 6.63 and 6.64 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CWE-79 Mar 31, 2010

CVE-2010-0132 EPSS 0.01

Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-0736.

CWE-79 Mar 31, 2010

CVE-2010-1218 EPSS 0.00

TYPO3 mm_forum <1.8.2 - XSS

Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Mar 30, 2010

CVE-2010-0452 EPSS 0.01

HP Project And Portfolio Management Center < 7.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in HP Project and Portfolio Management Center (PPMC, formerly Mercury IT Governance) 7.1 through SP10 and 7.5 through SP3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Mar 29, 2010

CVE-2009-4746 1 PoC Analysis EPSS 0.00

Dreamlevels DreamPoll 3.1 - XSS

Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a poll_default login action.

CWE-79 Mar 26, 2010

CVE-2009-4744 EPSS 0.00

Exponent CMS <0.97-GA20090213 - XSS

Cross-site scripting (XSS) vulnerability in the Contact module in Exponent CMS 0.97-GA20090213 allows remote attackers to inject arbitrary web script or HTML via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Mar 26, 2010

CVE-2009-4743 2 PoCs Analysis EPSS 0.02

AfterLogic WebMail Pro <4.7.10 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in history-storage.aspx in AfterLogic WebMail Pro 4.7.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) HistoryStorageObjectName and (2) HistoryKey parameters.

CWE-79 Mar 26, 2010

CVE-2009-4505 EPSS 0.00

OpenCMS OAMP Comments Module 1.0.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors.

CWE-79 Mar 26, 2010

CVE-2010-0171 EPSS 0.01

Mozilla Firefox < 2.0.2 - XSS

Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allow remote attackers to perform cross-origin keystroke capture, and possibly conduct cross-site scripting (XSS) attacks, by using the addEventListener and setTimeout functions in conjunction with a wrapped object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2007-3736.

CWE-79 Mar 25, 2010

CVE-2010-0170 EPSS 0.00

Mozilla Firefox - XSS

Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected window.location protection mechanism, which might allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors that are specific to each affected plugin.

CWE-79 Mar 25, 2010

CVE-2010-1113 1 PoC Analysis EPSS 0.01

Web Server Creator - Web Portal 0.1 - XSS

Cross-site scripting (XSS) vulnerability in the forum page in Web Server Creator - Web Portal 0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to index.php.

CWE-79 Mar 25, 2010

CVE-2010-1112 1 PoC Analysis EPSS 0.00

KloNews 2.0 - XSS

Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

CWE-79 Mar 25, 2010

CVE-2010-1111 2 PoCs Analysis EPSS 0.01

Jokes Complete Website - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete Website allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to joke.php and the (2) searchingred parameter to results.php.

CWE-79 Mar 25, 2010

CVE-2010-1108 EPSS 0.00

Drupal 5.x-6.x - XSS

Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Mar 25, 2010

CVE-2010-1107 EPSS 0.00

Drupal 5.x-6.x - XSS

Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."

CWE-79 Mar 25, 2010

CVE-2010-1105 EPSS 0.00

AdvertisementManager <3.6 - XSS

Cross-site scripting (XSS) vulnerability in cgi/index.php in AdvertisementManager 3.1.0 and 3.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter.

CWE-79 Mar 25, 2010

CVE-2010-1104 EPSS 0.00

Zope <2.8.12-2.12.3 - XSS

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

CWE-79 Mar 25, 2010

CVE-2009-2907 1 PoC Analysis EPSS 0.00

Springsource Application Management Suite < 2.0.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc Server 6.0.20.B and earlier, Application Management Suite (AMS) before 2.0.0.SR4, Hyperic HQ Open Source before 4.2.x, Hyperic HQ 4.0 Enterprise before 4.0.3.2, and Hyperic HQ 4.1 Enterprise before 4.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the description field and unspecified "input fields."

CWE-79 Mar 24, 2010

CVE-2010-1095 1 PoC Analysis EPSS 0.00

Tracking Requirements & Use Cases <0.11.0 - XSS

Cross-site scripting (XSS) vulnerability in login_reset_password_page.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Mar 24, 2010