CVE & Exploit Intelligence Database

CVE-2009-3153 8 PoCs Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search engine 1.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pic_id parameter to includes/video_ad.php, (2) category parameter to linkvideos_listing.php, id parameter to (3) templates/header1.php and (4) mp3/lyrics.php, key parameter to (5) video_listing.php and (6) adult/video_listing.php, and name parameter to (7) mp3/embed.php and (8) mp3/info.php.

CWE-79 Sep 10, 2009

CVE-2009-3152 1 PoC Analysis EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in becommunity/community/index.php in NTSOFT BBS E-Market Professional allow remote attackers to inject arbitrary web script or HTML via the (1) page, (2) bt_code, and (3) b_no parameters in a board view action.

CWE-79 Sep 10, 2009

CVE-2009-3147 EPSS 0.00

Cross-site scripting (XSS) vulnerability in showproduct.php in ReviewPost Pro vB3 allows remote attackers to inject arbitrary web script or HTML via the date parameter.

CWE-79 Sep 10, 2009

CVE-2009-3146 EPSS 0.00

Cross-site scripting (XSS) vulnerability in search_advance.php in ArticleFriend Script allows remote attackers to inject arbitrary web script or HTML via the SearchWd parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Sep 10, 2009

CVE-2008-7202 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail before 2.53 (Stable) allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

CWE-79 Sep 10, 2009

CVE-2007-6729 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the web management interface in the ZyXEL P-330W router allows remote attackers to inject arbitrary web script or HTML via the pingstr parameter and other unspecified vectors.

CWE-79 Sep 10, 2009

CVE-2009-3121 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 09, 2009

CVE-2009-3120 EPSS 0.00

Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third party information.

CWE-79 Sep 09, 2009

CVE-2008-7184 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet allows remote attackers to inject arbitrary web script or HTML via a public comment.

CWE-79 Sep 08, 2009

CVE-2009-3105 EPSS 0.00

Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 211.241 for Domino 8.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR EZEL7UURYC.

CWE-79 Sep 08, 2009

CVE-2009-3009 EPSS 0.02

Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.

CWE-79 Sep 08, 2009

CVE-2008-7175 EPSS 0.00

Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in NextGEN Gallery 0.96 and earlier plugin for Wordpress allows remote attackers to inject arbitrary web script or HTML via the picture description field in a page edit action.

CWE-79 Sep 08, 2009

CVE-2008-7171 1 PoC Analysis EPSS 0.02

Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php.

CWE-79 Sep 08, 2009

CVE-2009-3067 EPSS 0.00

Cross-site scripting (XSS) vulnerability in index.php in Reservation Manager allows remote attackers to inject arbitrary web script or HTML via the resman_startdate parameter.

CWE-79 Sep 03, 2009

CVE-2009-3066 2 PoCs Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in PropertyWatchScript.com Property Watch 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) videoid parameter to tools/email.php and (2) redirect parameter to tools/login.php.

CWE-79 Sep 03, 2009

CVE-2009-3060 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Joker Board (aka JBoard) 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the notice parameter to editform.php, (2) the edit_user_message parameter to core/edit_user_message.php, or (3) the user_title parameter to inc/head.inc.php, reachable through any PHP script.

CWE-79 Sep 03, 2009

CVE-2009-3057 2 PoCs Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php.

CWE-79 Sep 03, 2009

CVE-2008-7150 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x before 5.x-0.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a taxonomy term, which is not properly handled by refine_by_taxo when displaying tags.

CWE-79 Sep 01, 2009

CVE-2008-7147 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allow remote attackers to inject arbitrary web script or HTML via the (1) outline and (2) course parameters to library/description_link.cfm, or the (3) records_to_display and (4) the_start parameters to library/courses_catalog.cfm.

CWE-79 Sep 01, 2009

CVE-2008-7141 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 allows remote attackers to inject arbitrary web script or HTML via the language_setup parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Sep 01, 2009