CVE & Exploit Intelligence Database

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,552 CVEs tracked; 53,317 with exploits; 4,732 exploited in wild; 1,543 CISA KEV; 3,938 Nuclei templates; 48,973 vendors; 42,623 researchers
42,489 results
CVE-2009-3592 1 PoC Analysis EPSS 0.01
Qtmsoft X-cart - XSS
Cross-site scripting (XSS) vulnerability in customer/home.php in Qualiteam X-Cart allows remote attackers to inject arbitrary web script or HTML via the email parameter in a subscribed action, a different vector than CVE-2005-1823.
CWE-79 Oct 08, 2009
CVE-2009-3579 EPSS 0.00
Mortbay Jetty - XSS
Cross-site scripting (XSS) vulnerability in the CookieDump.java sample application in Mort Bay Jetty 6.1.19 and 6.1.20 allows remote attackers to inject arbitrary web script or HTML via the Value parameter in a GET request to cookie/.
CWE-79 Oct 07, 2009
CVE-2009-3567 EPSS 0.00
Kayako Esupport < 3.60.04 - XSS
Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145.
CWE-79 Oct 06, 2009
CVE-2009-3562 1 PoC Analysis EPSS 0.01
Xerver - XSS
Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action.
CWE-79 Oct 05, 2009
CVE-2009-3540 EPSS 0.00
Yourfreeworld Ultra Classifieds Pro - XSS
Cross-site scripting (XSS) vulnerability in listads.php in YourFreeWorld Ultra Classifieds Pro allows remote attackers to inject arbitrary web script or HTML via the cn parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CWE-79 Oct 02, 2009
CVE-2009-3539 2 PoCs Analysis EPSS 0.01
Yourfreeworld Ultra Classifieds Pro - XSS
Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld Ultra Classifieds Pro allow remote attackers to inject arbitrary web script or HTML via the (1) cname parameter to subclass.php and the (2) sn parameter to listads.php.
CWE-79 Oct 02, 2009
CVE-2009-3530 1 PoC Analysis EPSS 0.00
Radscripts Radbids - XSS
Cross-site scripting (XSS) vulnerability in storefront.php in RadScripts RadBids Gold 4 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.
CWE-79 Oct 02, 2009
CVE-2009-3521 EPSS 0.00
IBM Tivoli Composite Application Manager For WebSphere - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Visualization Engine (VE) in IBM Tivoli Composite Application Manager for WebSphere (ITCAM) 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CWE-79 Oct 01, 2009
CVE-2009-3513 3 PoCs Analysis EPSS 0.00
Pilotgroup PG Etraining - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group (PG) eTraining allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to courses_login.php, the id parameter to (2) news_read.php or (3) lessons_login.php, or (4) the cur parameter in a start action to lessons_login.php.
CWE-79 Oct 01, 2009
CVE-2009-3512 3 PoCs Analysis EPSS 0.01
Phplemon Myweight - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date parameter to user_addfood.php, info parameter to (2) user_forgot_pwd_form.php and (3) user_login.php, and (4) return parameter to user_login.php.
CWE-79 Oct 01, 2009
CVE-2009-3509 1 PoC Analysis EPSS 0.02
Cj-design CJ Dynamic Poll - XSS
Cross-site scripting (XSS) vulnerability in admin/admin_index.php in CJ Dynamic Poll PRO 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CWE-79 Oct 01, 2009
CVE-2009-3506 1 PoC Analysis EPSS 0.01
Jean-michel Wyttenbach Cmsphp - XSS
Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) cook_user parameter to index.php and the (2) name parameter to modules.php.
CWE-79 Oct 01, 2009
CVE-2009-3496 1 PoC Analysis EPSS 0.01
Vastal Dvd Zone - XSS
Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter.
CWE-79 Sep 30, 2009
CVE-2009-3493 2 PoCs Analysis EPSS 0.01
Zenas Paobacheca Guestbook - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php.
CWE-79 Sep 30, 2009
CVE-2009-3488 EPSS 0.00
RON Jerome Bibliography - XSS
Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a different vulnerability than CVE-2009-3479.
CWE-79 Sep 30, 2009
CVE-2009-3487 2 PoCs Analysis EPSS 0.00
Juniper Junos - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program; the (2) act, (3) refresh-time, or (4) ifid parameter to scripter.php; (5) the revision parameter in a rollback action to the configuration program; the m[] parameter to the (6) monitor, (7) manage, (8) events, (9) configuration, or (10) alarms program; (11) the m[] parameter to the default URI; (12) the m[] parameter in a browse action to the default URI; (13) the wizard-next parameter in an https action to the configuration program; or the (14) Contact Information, (15) System Description, (16) Local Engine ID, (17) System Location, or (18) System Name Override SNMP parameter, related to the configuration program.
CWE-79 Sep 30, 2009
CVE-2009-3486 2 PoCs Analysis EPSS 0.00
Juniper Junos - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program.
CWE-79 Sep 30, 2009
CVE-2009-3485 1 PoC Analysis EPSS 0.02
Juniper Junos - XSS
Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI.
CWE-79 Sep 30, 2009
CVE-2009-3479 EPSS 0.00
Drupal - XSS
Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject arbitrary web script or HTML via a title.
CWE-79 Sep 30, 2009
CVE-2009-3469 1 PoC Analysis EPSS 0.03
IBM Lotus Connections - XSS
Cross-site scripting (XSS) vulnerability in profiles/html/simpleSearch.do in IBM Lotus Connections 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CWE-79 Sep 29, 2009