CVE & Exploit Intelligence Database

CVE-2009-2454 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, 5.0, and 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 14, 2009

CVE-2009-2448 EPSS 0.00

Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the search_choice parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Jul 13, 2009

CVE-2009-2447 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in Online Guestbook Pro 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) display parameter.

CWE-79 Jul 13, 2009

CVE-2009-2442 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in public/index.php in Linea21 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a resultats-recherche action.

CWE-79 Jul 13, 2009

CVE-2009-2441 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter.

CWE-79 Jul 13, 2009

CVE-2009-2440 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CWE-79 Jul 13, 2009

CVE-2009-2438 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in index.php in the search module in ClanSphere 2009.0 and 2009.0.2 allows remote attackers to inject arbitrary web script or HTML via the text parameter in a list action. NOTE: this might overlap CVE-2008-1399.

CWE-79 Jul 13, 2009

CVE-2009-2437 1 PoC Analysis EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Rentventory 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka Login) and (2) password parameters in a login action.

CWE-79 Jul 13, 2009

CVE-2009-2424 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone 2009 allows remote attackers to inject arbitrary web script or HTML via the mode parameter.

CWE-79 Jul 10, 2009

CVE-2009-1724 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.

CWE-79 Jul 09, 2009

CVE-2009-2401 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post.

CWE-79 Jul 09, 2009

CVE-2009-2391 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to inject arbitrary web script or HTML via the tid parameter.

CWE-79 Jul 09, 2009

CVE-2009-2380 EPSS 0.00

Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable.

CWE-79 Jul 08, 2009

CVE-2009-2376 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Html::textarea function in application/libraries/Html.php in TangoCMS 2.x before 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the value parameter, related to the Contact module.

CWE-79 Jul 08, 2009

CVE-2009-2373 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 08, 2009

CVE-2009-2370 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 08, 2009

CVE-2009-2360 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter.

CWE-79 Jul 08, 2009

CVE-2009-2352 1 PoC Analysis EPSS 0.01

Google Chrome 1.0.154.48 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 2.0.172.28, 2.0.172.37, and 3.0.193.2 Beta are also affected.

CWE-79 Jul 07, 2009

CVE-2009-2351 EPSS 0.00

Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312. NOTE: it was later reported that 10.00 Beta 3 Build 1699 is also affected.

CWE-79 Jul 07, 2009

CVE-2009-2350 1 PoC Analysis EPSS 0.13

Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header or (2) specifying the content of a Refresh header, a related issue to CVE-2009-1312.

CWE-79 Jul 07, 2009