CVE & Exploit Intelligence Database

CVE-2009-3196 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter.

CWE-79 Sep 15, 2009

CVE-2009-3195 2 PoCs Analysis EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php.

CWE-79 Sep 15, 2009

CVE-2009-3194 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech SearchFeed Script allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CWE-79 Sep 15, 2009

CVE-2009-3192 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in index.php in LinkorCMS 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the searchstr parameter in a search action; or the (2) nikname, (3) realname, (4) homepage, or (5) city parameter in a registration action.

CWE-79 Sep 15, 2009

CVE-2009-3191 1 PoC Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to inject arbitrary web script or HTML via the cat parameter to (1) rss.php and (2) opml.php.

CWE-79 Sep 15, 2009

CVE-2009-3189 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guestbook 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter.

CWE-79 Sep 15, 2009

CVE-2009-3187 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in gamelist.php in Stand Alone Arcade 1.1 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

CWE-79 Sep 15, 2009

CVE-2009-3186 3 PoCs Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to forum.php, (2) profile_name parameter to profile.php, and (3) p parameter to view.php.

CWE-79 Sep 15, 2009

CVE-2009-2947 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages.

CWE-79 Sep 14, 2009

CVE-2009-2814 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple Mac OS X 10.5.8 allows remote attackers to inject arbitrary web script or HTML via a search request containing data that does not use UTF-8 encoding.

CWE-79 Sep 14, 2009

CVE-2008-7231 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Meridio Document and Records Management before 4.3 SR1 allows remote authenticated users to inject arbitrary web script or HTML via the Title field in a (1) document (subGeneralProps:dmpvDocTitle:PROP_W_title) or (2) container (subGeneralProps:dmpvContainerTitle:PROP_W_title).

CWE-79 Sep 14, 2009

CVE-2008-7223 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/left_menu.class.php, or (5) plugins/stats/stats_view.php.

CWE-79 Sep 14, 2009

CVE-2008-7222 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the rank_title parameter in a RankForumAdd action.

CWE-79 Sep 14, 2009

CVE-2009-3171 1 PoC Analysis EPSS 0.03

Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft Gazelle CMS 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter to user.php or (2) lookup parameter to search.php.

CWE-79 Sep 11, 2009

CVE-2008-7213 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php in MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote attackers to inject arbitrary web script or HTML via the Command parameter.

CWE-79 Sep 11, 2009

CVE-2008-7206 EPSS 0.00

Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 has unknown impact and attack vectors when the "logbook contains HTML code," probably cross-site scripting (XSS).

CWE-79 Sep 11, 2009

CVE-2009-3162 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action to the default URI.

CWE-79 Sep 10, 2009

CVE-2009-3157 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Calendar module 6.x before 6.x-2.2 for Drupal allows remote authenticated users, with "create new content types" privileges, to inject arbitrary web script or HTML via the title of a content type.

CWE-79 Sep 10, 2009

CVE-2009-3156 EPSS 0.01

Cross-site scripting (XSS) vulnerability in the Date Tools sub-module in the Date module 6.x before 6.x-2.3 for Drupal allows remote authenticated users, with "use date tools" or "administer content types" privileges, to inject arbitrary web script or HTML via a "Content type label" field.

CWE-79 Sep 10, 2009

CVE-2009-3155 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in gmap.php in the Almond Classifieds (com_aclassf) component 7.5 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the addr parameter.

CWE-79 Sep 10, 2009