CVE & Exploit Intelligence Database

CVE-2009-2613 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in DataCheck Solutions LinkPal 1.x allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) z_loginfailed.asp, (2) z_admin_login.asp, (3) z_forgot.asp, and possibly unspecified other components. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Jul 27, 2009

CVE-2009-2610 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Links Related module in the Links Package 5.x before 5.x-1.13 and 6.x before 6.x-1.2, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via the title field.

CWE-79 Jul 27, 2009

CVE-2008-6876 EPSS 0.00

Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037.

CWE-79 Jul 24, 2009

CVE-2009-2595 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in productSearch.html in Censura 2.0.4 and 2.1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter in a ProductSearch action.

CWE-79 Jul 24, 2009

CVE-2009-2594 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in censura.php in Censura 1.16.04 allows remote attackers to inject arbitrary web script or HTML via the itemid parameter in a details action.

CWE-79 Jul 24, 2009

CVE-2009-2589 EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP Website Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.

CWE-79 Jul 24, 2009

CVE-2009-2588 3 PoCs Analysis EPSS 0.02

Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php.

CWE-79 Jul 24, 2009

CVE-2009-2587 6 PoCs Analysis EPSS 0.02

Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php.

CWE-79 Jul 24, 2009

CVE-2009-2586 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in articles.php in EDGEPHP EZArticles allows remote attackers to inject arbitrary web script or HTML via the title parameter.

CWE-79 Jul 24, 2009

CVE-2009-2581 EPSS 0.00

Cross-site scripting (XSS) vulnerability in modifier.php in EditeurScripts EsNews 1.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CWE-79 Jul 23, 2009

CVE-2008-6868 EPSS 0.00

Cross-site scripting (XSS) vulnerability in default/login.php in EditeurScripts EsBaseAdmin 2.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037.

CWE-79 Jul 23, 2009

CVE-2009-2472 EPSS 0.01

Mozilla Firefox before 3.0.12 does not always use XPCCrossOriginWrapper when required during object construction, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted document, related to a "cross origin wrapper bypass."

CWE-79 Jul 22, 2009

CVE-2009-2571 1 PoC Analysis EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in index.php in VerliAdmin 0.3.7 and 0.3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the URI, (2) the q parameter, (3) the nick parameter, or (4) the nick parameter in a bantest action.

CWE-79 Jul 22, 2009

CVE-2009-2569 1 PoC Analysis EPSS 0.02

Multiple cross-site scripting (XSS) vulnerabilities in Verlihub Control Panel (VHCP) 1.7e allow remote attackers to inject arbitrary web script or HTML via (1) the nick parameter in a login action to index.php or (2) the URI in a news request to index.html.

CWE-79 Jul 22, 2009

CVE-2009-2565 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. Shiromuku shiromuku(fs6)DIARY 2.40 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 21, 2009

CVE-2009-2551 1 PoC Analysis EPSS 0.03

Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy Image Downloader allow remote attackers to inject arbitrary web script or HTML via the id parameter in a detail action to (1) main.php and possibly (2) demo_page.php.

CWE-79 Jul 20, 2009

CVE-2009-2492 EPSS 0.00

Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type before 4.261 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2009-2480.

CWE-79 Jul 17, 2009

CVE-2009-2480 EPSS 0.01

Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart Movable Type 4.24, and 4.25 when global templates are not initialized, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 16, 2009

CVE-2009-2048 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to inject arbitrary web script or HTML into the CCX database via unspecified vectors.

CWE-79 Jul 16, 2009

CVE-2009-2455 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in webadmin/admin.php in @mail 5.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) type and (2) func parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Jul 14, 2009