CVE & Exploit Intelligence Database

CVE-2009-4547 3 PoCs Analysis EPSS 0.02

Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id parameter to (2) forum.php or (3) forum_topic_new.php.

CWE-79 Jan 04, 2010

CVE-2009-4544 2 PoCs Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

CWE-79 Jan 04, 2010

CVE-2009-4542 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

CWE-79 Jan 04, 2010

CVE-2009-4539 EPSS 0.00

Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter.

CWE-79 Jan 04, 2010

CVE-2009-4532 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module for Drupal, allows remote authenticated users, with webform creation privileges, to inject arbitrary web script or HTML via a field label.

CWE-79 Dec 31, 2009

CVE-2009-4525 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via crafted data in a list of links.

CWE-79 Dec 31, 2009

CVE-2009-4524 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the RealName module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via a realname (aka real name) element.

CWE-79 Dec 31, 2009

CVE-2009-4523 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchSongKeyword parameter in a SearchSong action.

CWE-79 Dec 31, 2009

CVE-2009-4522 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information.

CWE-79 Dec 31, 2009

CVE-2009-4521 1 PoC Analysis EPSS 0.04

Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.

CWE-79 Dec 31, 2009

CVE-2009-4518 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node.

CWE-79 Dec 31, 2009

CVE-2009-4516 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 31, 2009

CVE-2009-4514 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the OpenSocial Shindig-Integrator module 5.x and 6.x before 6.x-2.1, a module for Drupal, allows remote authenticated users, with "create application" privileges, to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 31, 2009

CVE-2009-4513 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in the Workflow module 5.x before 5.x-2.4 and 6.x before 6.x-1.2, a module for Drupal, allow remote authenticated users, with "administer workflow" privileges, to inject arbitrary web script or HTML via the name of a (1) workflow or (2) workflow state.

CWE-79 Dec 31, 2009

CVE-2008-7250 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: this issue exists because of an incomplete fix for CVE-2008-1168.

CWE-79 Dec 30, 2009

CVE-2009-4478 1 PoC Analysis EPSS 0.03

Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real Estate 1.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) home.html or (2) lands.html.

CWE-79 Dec 30, 2009

CVE-2009-4473 EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in WorkArea/ContentDesigner/ekformsiframe.aspx in Ektron CMS400.NET 7.6.1.53 and 7.6.6.47, and possibly 7.52 through 7.66sp2, allow remote attackers to inject arbitrary web script or HTML via the (1) css, (2) eca, (3) id, and (4) skin parameters. NOTE: some of these details are obtained from third party information.

CWE-79 Dec 30, 2009

CVE-2009-4469 1 PoC Analysis EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in pagenumber.inc.php in phpPowerCards 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) archiv parameter, and the (3) subcat parameter.

CWE-79 Dec 30, 2009

CVE-2009-4468 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CWE-79 Dec 30, 2009

CVE-2009-4464 1 PoC Analysis EPSS 0.03

Cross-site scripting (XSS) vulnerability in searchadvance.asp in Active Business Directory 2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CWE-79 Dec 30, 2009