CVE & Exploit Intelligence Database

CVE-2009-2893 1 PoC Analysis EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter.

CWE-79 Aug 20, 2009

CVE-2009-2890 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter.

CWE-79 Aug 20, 2009

CVE-2009-2889 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.

CWE-79 Aug 20, 2009

CVE-2009-2887 EPSS 0.00

Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter.

CWE-79 Aug 20, 2009

CVE-2009-2884 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter.

CWE-79 Aug 20, 2009

CVE-2009-2882 4 PoCs Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.

CWE-79 Aug 20, 2009

CVE-2008-6988 1 PoC Analysis EPSS 0.06

Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo Gallery (aka Ezphotogallery) 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) galleryid parameter to gallery.php, and the (2) size or (3) imageid parameters to show.php.

CWE-79 Aug 19, 2009

CVE-2008-6982 1 PoC Analysis NUCLEI EPSS 0.09

Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter.

CWE-79 Aug 19, 2009

CVE-2008-6979 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to inject arbitrary web script or HTML via the results_per_page parameter to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue might be resultant from a separate SQL injection vulnerability.

CWE-79 Aug 19, 2009

CVE-2008-6977 2 PoCs Analysis EPSS 0.08

Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.

CWE-79 Aug 19, 2009

CVE-2009-1877 EPSS 0.01

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1875.

CWE-79 Aug 18, 2009

CVE-2009-1875 EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-1877.

CWE-79 Aug 18, 2009

CVE-2009-1874 EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Adobe JRun 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Aug 18, 2009

CVE-2009-1872 EXPLOITED 4 PoCs Analysis NUCLEI EPSS 0.09

Multiple cross-site scripting (XSS) vulnerabilities in Adobe ColdFusion Server 8.0.1, 8, and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the startRow parameter to administrator/logviewer/searchlog.cfm, or the query string to (2) wizards/common/_logintowizard.cfm, (3) wizards/common/_authenticatewizarduser.cfm, or (4) administrator/enter.cfm.

CWE-79 Aug 18, 2009

CVE-2009-2851 1 PoC Analysis EPSS 0.03

Cross-site scripting (XSS) vulnerability in the administrator interface in WordPress before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via a comment author URL.

CWE-79 Aug 18, 2009

CVE-2009-2785 EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php.

CWE-79 Aug 17, 2009

CVE-2009-2783 1 PoC Analysis EPSS 0.07

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.

CWE-79 Aug 17, 2009

CVE-2009-2780 6 PoCs Analysis EPSS 0.03

Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.

CWE-79 Aug 17, 2009

CVE-2009-2778 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details are obtained from third party information.

CWE-79 Aug 14, 2009

CVE-2009-2772 2 PoCs Analysis EPSS 0.04

Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.

CWE-79 Aug 14, 2009