CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,640 CVEs tracked | 53,321 with exploits | 4,733 exploited in wild | 1,543 CISA KEV | 3,938 Nuclei templates | 49,006 vendors | 42,664 researchers

42,493 results
CVE-2009-4685 1 PoC Analysis EPSS 0.01
PHP Scripts Now Astrology - XSS
Cross-site scripting (XSS) vulnerability in celebrities.php in PHP Scripts Now Astrology allows remote attackers to inject arbitrary web script or HTML via the day parameter.
CWE-79 Mar 10, 2010
CVE-2009-4684 1 PoC Analysis EPSS 0.01
EZodiak - XSS
Cross-site scripting (XSS) vulnerability in index.php in EZodiak allows remote attackers to inject arbitrary web script or HTML via the sign parameter.
CWE-79 Mar 10, 2010
CVE-2009-4682 1 PoC Analysis EPSS 0.02
Good/Bad Vote - XSS
Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote allows remote attackers to inject arbitrary web script or HTML via the id parameter in a vote action.
CWE-79 Mar 10, 2010
CVE-2009-4681 1 PoC Analysis EPSS 0.03
phpDirectorySource 1.x - XSS
Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter.
CWE-79 Mar 10, 2010
CVE-2010-0949 EPSS 0.00
Natychmiast CMS - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php.
CWE-79 Mar 10, 2010
CVE-2010-0947 EPSS 0.00
Max Network Technology BBSMAX <4.2 - XSS
Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CWE-79 Mar 10, 2010
CVE-2010-0941 EPSS 0.01
eTek Systems Hit Counter 2.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php.
CWE-79 Mar 08, 2010
CVE-2010-0940 EPSS 0.00
Simple PHP Guestbook 1.0 - XSS
Cross-site scripting (XSS) vulnerability in guestbook.php in Simple PHP Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CWE-79 Mar 08, 2010
CVE-2010-0938 EPSS 0.00
Todoo Forum 2.0 - XSS
Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action.
CWE-79 Mar 08, 2010
CVE-2010-0936 2 PoCs Analysis EPSS 0.01
D-LINK DKVM-IP8 - Firmware 2282_dlinkA4_p8_20071213 - XSS
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.
CWE-79 Mar 08, 2010
CVE-2009-4678 1 PoC Analysis EPSS 0.02
Winn Guestbook 2.4 - XSS
Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CWE-79 Mar 08, 2010
CVE-2009-4677 EPSS 0.00
phpFK PHP Forum ohne 7.0.4 - XSS
Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP Forum ohne 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CWE-79 Mar 08, 2010
CVE-2010-0927 EPSS 0.00
IBM Lotus Domino <7.0.4, 8.0.2 - XSS
Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920.
CWE-79 Mar 05, 2010
CVE-2009-4662 EPSS 0.01
Novell GroupWise <7.03 HP4, <8.0 SP1 - XSS
Cross-site scripting (XSS) vulnerability in the WebAccess component in Novell GroupWise 7.0 before 7.03 HP4 and 8.0 before 8.0 SP1 allows remote attackers to inject arbitrary web script or HTML via the User.Theme.index parameter.
CWE-79 Mar 03, 2010
CVE-2010-0920 EPSS 0.00
IBM Lotus iNotes <229.281 - XSS
Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes."
CWE-79 Mar 03, 2010
CVE-2010-0804 1 PoC Analysis EPSS 0.01
iBoutique 4.0 - XSS
Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 allows remote attackers to inject arbitrary web script or HTML via the key parameter in a products action.
CWE-79 Mar 02, 2010
CVE-2010-0797 EPSS 0.00
TYPO3 T3BLOG <0.6.2 - XSS
Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Mar 02, 2010
CVE-2010-0726 EPSS 0.01
tDiary <2.2.2 - XSS
Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack transmission) plugin in tDiary 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors, possibly related to the (1) plugin_tb_url and (2) plugin_tb_excerpt parameters.
CWE-79 Mar 02, 2010
CVE-2010-0754 1 PoC Analysis EPSS 0.08
WikyBlog <1.7.3 rc2 - XSS
Cross-site scripting (XSS) vulnerability in index.php/Special/Main/Templates in WikyBlog 1.7.2 and 1.7.3 rc2 allows remote attackers to inject arbitrary web script or HTML via the which parameter in a copy action.
CWE-79 Feb 27, 2010
CVE-2010-0725 1 PoC Analysis EPSS 0.03
Arab Cart 1.0.2.0 - XSS
Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart 1.0.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CWE-79 Feb 26, 2010