CVE & Exploit Intelligence Database

CVE-2009-3453 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Quickr 8.1.0 services for WebSphere Portal allow remote attackers to inject arbitrary web script or HTML via the filename of a .odt file in a Lotus Quickr place, related to the Library template.

CWE-79 Sep 29, 2009

CVE-2009-3450 EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.

CWE-79 Sep 29, 2009

CVE-2009-3444 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action.

CWE-79 Sep 28, 2009

CVE-2009-3440 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the option parameter to the default URI (aka the main menu).

CWE-79 Sep 28, 2009

CVE-2009-3437 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via "Markdown input."

CWE-79 Sep 28, 2009

CVE-2009-3435 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the variable editor in the Devel module 5.x before 5.x-1.2 and 6.x before 6.x-1.18, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a variable name.

CWE-79 Sep 28, 2009

CVE-2009-3427 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket.

CWE-79 Sep 25, 2009

CVE-2009-3420 1 PoC Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Publisher module 2.0 for Miniweb allow remote attackers to inject arbitrary web script or HTML via the (1) begin parameter and the (2) PATH_INFO.

CWE-79 Sep 25, 2009

CVE-2009-3368 1 PoC Analysis EPSS 0.03

Cross-site scripting (XSS) vulnerability in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the adult parameter in a showhoteldetails action to index.php.

CWE-79 Sep 24, 2009

CVE-2009-3367 1 PoC Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Sep 24, 2009

CVE-2009-3363 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x before 5.x-1.2 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via input to the "plain textarea editor."

CWE-79 Sep 24, 2009

CVE-2009-3360 3 PoCs Analysis EPSS 0.02

Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) return parameter to photo_view.php, and st parameter to (2) photo_search.php and (3) search.php.

CWE-79 Sep 24, 2009

CVE-2009-3359 2 PoCs Analysis EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in Match Agency BiZ 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) important parameter to edit_profile.php and (2) pid parameter to report.php.

CWE-79 Sep 24, 2009

CVE-2009-3355 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remote attackers to inject arbitrary web script or HTML via the s_r parameter.

CWE-79 Sep 24, 2009

CVE-2009-3348 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a cat action to the home component.

CWE-79 Sep 24, 2009

CVE-2009-3328 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter (aka the name field). NOTE: some of these details are obtained from third party information.

CWE-79 Sep 23, 2009

CVE-2009-3320 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas PaoLink (aka Pao-Link) 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

CWE-79 Sep 23, 2009

CVE-2009-3311 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in index.php in RSSMediaScript allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CWE-79 Sep 23, 2009

CVE-2009-3283 EPSS 0.00

Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image Capture BBS, PHP & CSS BBS, PHP BBS CE, PHP_RSS_Builder, and webshot, dated before 20090914, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to cookies.

CWE-79 Sep 22, 2009

CVE-2009-2742 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27 allows remote attackers to inject arbitrary web script or HTML via unspecified input.

CWE-79 Sep 21, 2009