CVE & Exploit Intelligence Database

Updated 2h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,527 CVEs tracked 53,314 with exploits 4,732 exploited in wild 1,543 CISA KEV 3,934 Nuclei templates 48,968 vendors 42,617 researchers

42,489 results Clear all

CVE-2008-6838 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 allows remote attackers to inject arbitrary web script or HTML via the _off parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Jun 27, 2009

CVE-2008-6835 EPSS 0.00

Peter Wolanin Openid - XSS

Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jun 27, 2009

CVE-2009-2228 1 PoC Analysis EPSS 0.02

Kasseler CMS - XSS

Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS allows remote attackers to inject arbitrary web script or HTML via the url parameter in a redirect action.

CWE-79 Jun 26, 2009

CVE-2009-2226 EPSS 0.00

Let's PHP! Tree BBS <2004-11-23 - XSS

Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS 2004/11/23 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jun 26, 2009

CVE-2009-2221 EPSS 0.00

PHP-I-BOARD <1.2 - XSS

Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jun 26, 2009

CVE-2009-2219 1 PoC Analysis EPSS 0.00

phpCollegeExchange 0.1.5c - XSS

Multiple cross-site scripting (XSS) vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the (1) _SESSION[handle] parameter to (a) home.php, (b) books/allbooks.php, or (c) books/home.php; or the (2) home parameter to (d) i_head.php or (e) i_nav.php, or (f) allbooks.php, (g) home.php, or (h) i_nav.php in books/.

CWE-79 Jun 25, 2009

CVE-2009-2217 EPSS 0.00

NBBC <1.4.2 - XSS

Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via an invalid URL in a BBCode img tag.

CWE-79 Jun 25, 2009

CVE-2009-2216 6.1 MEDIUM 1 PoC Analysis EPSS 0.03

DirectAdmin <1.33.6 - XSS

Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request.

CWE-79 Jun 25, 2009

CVE-2009-2215 EPSS 0.00

URD <0.6.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in URD before 0.6.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the fatal_error page and unspecified other components.

CWE-79 Jun 25, 2009

CVE-2009-2211 EPSS 0.00

IBM Rational ClearQuest <7.0.0.6, <7.0.1.5 - XSS

Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jun 25, 2009

CVE-2009-1202 EPSS 0.00

Cisco Adaptive Security Appliance - XSS

WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass certain protection mechanisms involving URL rewriting and HTML rewriting, and conduct cross-site scripting (XSS) attacks, by modifying the first hex-encoded character in a /+CSCO+ URI, aka Bug ID CSCsy80705.

CWE-79 Jun 25, 2009

CVE-2009-1201 1 PoC Analysis EPSS 0.05

Cisco Adaptive Security Appliance - XSS

Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.

CWE-79 Jun 25, 2009

CVE-2009-2181 1 PoC Analysis EPSS 0.00

Campsite 3.3.0 RC1 - XSS

Cross-site scripting (XSS) vulnerability in admin-files/templates/list_dir.php in Campsite 3.3.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the listbasedir parameter.

CWE-79 Jun 23, 2009

CVE-2009-2178 1 PoC Analysis EPSS 0.00

phpDatingClub 3.7 - XSS

Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CWE-79 Jun 23, 2009

CVE-2009-2172 1 PoC Analysis EPSS 0.00

Radio and TV Player <vBulletin - XSS

Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in the Radio and TV Player addon for vBulletin allows remote registered users to inject arbitrary web script or HTML via the station parameter.

CWE-79 Jun 23, 2009

CVE-2009-2170 EPSS 0.00

Mahara <1.0.12, <1.1.5 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

CWE-79 Jun 23, 2009

CVE-2009-2163 1 PoC Analysis EPSS 0.01

Sitecore CMS <6.0.2 - XSS

Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter.

CWE-79 Jun 22, 2009

CVE-2009-2162 EPSS 0.01

XOOPS MANIAC PukiWikiMod <1.6.6.2 - XSS

Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC PukiWikiMod module 1.6.6.2 and earlier for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jun 22, 2009

CVE-2009-2156 1 PoC Analysis EPSS 0.01

TorrentTrader Classic 1.09 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader Classic 1.09 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Title field to requests.php, related to viewrequests.php; and (2) the Torrent Name field to torrents-upload.php, related to the logging of torrent uploads; and allow remote attackers to inject arbitrary web script or HTML via (3) the ttversion parameter to themes/default/footer.php, the (4) SITENAME and (5) CURUSER[username] parameters to themes/default/header.php, (6) the todayactive parameter to visitorstoday.php, (7) the activepeople parameter to visitorsnow.php, (8) the faq_categ[999][title] parameter to faq.php, and (9) the keepget parameter to torrents-details.php.

CWE-79 Jun 22, 2009

CVE-2009-2155 EPSS 0.01

WebNMS Free Edition 5 - XSS

Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do in WebNMS Free Edition 5 allows remote attackers to inject arbitrary web script or HTML via the type parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Jun 22, 2009