Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2009-1715 EPSS 0.02

Apple Safari < 4.0_beta - XSS

Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to script execution with incorrect privileges.

CWE-79 Jun 10, 2009

CVE-2009-1714 EPSS 0.01

Apple Safari < 4.0_beta - XSS

Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in Apple Safari before 4.0 allows user-assisted remote attackers to inject arbitrary web script or HTML, and read local files, via vectors related to the improper escaping of HTML attributes.

CWE-79 Jun 10, 2009

CVE-2009-1702 EPSS 0.01

Apple Safari < 3.2.2 - XSS

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects.

CWE-79 Jun 10, 2009

CVE-2009-1695 EPSS 0.01

Apple Safari < 4.0_beta - XSS

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition.

CWE-79 Jun 10, 2009

CVE-2009-0239 EPSS 0.31

Windows Search 4.0 - XSS

Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."

CWE-79 Jun 10, 2009

CVE-2009-1691 EPSS 0.01

Apple Safari < 4.0_beta - XSS

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to insufficient access control for standard JavaScript prototypes in other domains.

CWE-79 Jun 10, 2009

CVE-2009-1689 EPSS 0.01

Apple Safari < 4.0_beta - XSS

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving submission of a form to the about:blank URL, leading to security-context replacement.

CWE-79 Jun 10, 2009

CVE-2009-1688 EPSS 0.01

Apple Safari < 4.0_beta - XSS

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to determining a security context through an approach that is not the "HTML 5 standard method."

CWE-79 Jun 10, 2009

CVE-2009-1685 EPSS 0.01

Apple Safari < 4.0_beta - XSS

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML by overwriting the document.implementation property of (1) an embedded document or (2) a parent document.

CWE-79 Jun 10, 2009

CVE-2009-1684 1 PoC Analysis EPSS 0.02

Apple Safari < 4.0_beta - XSS

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.

CWE-79 Jun 10, 2009

CVE-2009-2020 1 PoC Analysis EPSS 0.01

Virtue News Manager - XSS

Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue News Manager allows remote attackers to inject arbitrary web script or HTML via the nid parameter.

CWE-79 Jun 09, 2009

CVE-2009-2009 EPSS 0.00

Dokeos 1.8.5 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) curdirpath parameter to main/document/slideshow.php and the (2) file parameter to main/exercice/testheaderpage.php.

CWE-79 Jun 08, 2009

CVE-2009-2006 EPSS 0.01

Dokeos 1.8.5 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) search_term parameter to main/auth/courses.php; the (2) frm_title and (3) frm_content parameters in a new personal agenda item action; the (4) title and (5) tutor_name parameters in a new course action; and the (6) student and (7) course parameters to main/mySpace/myStudents.php. NOTE: vectors 2 and 3 might only be exploitable via a separate CSRF vulnerability.

CWE-79 Jun 08, 2009

CVE-2008-6831 EPSS 0.00

Atlassian Jira - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA Enterprise Edition 3.13 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname (Full Name) parameter in the ViewProfile page or (2) returnUrl parameter in a form, as demonstrated using secure/AddComment!default.jspa (aka "Add Comment").

CWE-79 Jun 08, 2009

CVE-2009-1951 1 PoC Analysis EPSS 0.01

PropertyMax Pro FREE 0.3 - XSS

Cross-site scripting (XSS) vulnerability in index.php in PropertyMax Pro FREE 0.3 allows remote attackers to inject arbitrary web script or HTML via the pl parameter in a mi action.

CWE-79 Jun 05, 2009

CVE-2009-1942 EPSS 0.00

Drupal Quiz <6.x-2.2, <6.x-3.0 - XSS

Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, 6.x-2.x before 6.x-2.2, and 6.x-3.x before 6.x-3.0, a module for Drupal, allows remote authenticated users, with create quizzes or quiz questions access, to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jun 05, 2009

CVE-2009-1940 EPSS 0.00

Joomla! <1.5.11 - XSS

Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jun 05, 2009

CVE-2009-1939 EPSS 0.00

Joomla! <1.5.11 - XSS

Cross-site scripting (XSS) vulnerability in the JA_Purity template for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jun 05, 2009

CVE-2009-1938 1 PoC Analysis EPSS 0.00

Joomla! <1.5.11 - XSS

Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to database output and the frontend administrative panel.

CWE-79 Jun 05, 2009

CVE-2009-1937 EPSS 0.00

LightNEasy <2.2.2 - XSS

Cross-site scripting (XSS) vulnerability in the comment posting feature in LightNEasy 2.2.1 "no database" (aka flat) and 2.2.2 SQLite allows remote attackers to inject arbitrary web script or HTML via the (1) commentname (aka Author), (2) commentemail (aka Email), and (3) commentmessage (aka Comment) parameters. NOTE: some of these details are obtained from third party information.

CWE-79 Jun 05, 2009

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps