CVE & Exploit Intelligence Database

Updated 40m ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,527 CVEs tracked 53,314 with exploits 4,732 exploited in wild 1,543 CISA KEV 3,934 Nuclei templates 48,968 vendors 42,617 researchers

42,489 results Clear all

CVE-2009-1934 EPSS 0.01

Sun Java System Web Server 6.1 - XSS

Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.

CWE-79 Jun 05, 2009

CVE-2009-1162 EPSS 0.01

Cisco Ironport Asyncos - XSS

Cross-site scripting (XSS) vulnerability in the Spam Quarantine login page in Cisco IronPort AsyncOS before 6.5.2 on Series C, M, and X appliances allows remote attackers to inject arbitrary web script or HTML via the referrer parameter.

CWE-79 Jun 05, 2009

CVE-2009-1908 EPSS 0.00

Skip <1.0.2 & <1.1RC - XSS

Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and earlier 1.1RC versions, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jun 04, 2009

CVE-2009-1907 1 PoC Analysis EPSS 0.03

Claroline 1.8.11 - XSS

Cross-site scripting (XSS) vulnerability in claroline/linker/notfound.php in Claroline 1.8.11 allows remote attackers to inject arbitrary web script or HTML via the Referer HTTP header.

CWE-79 Jun 04, 2009

CVE-2009-1881 EPSS 0.00

Mt312 Img-bbs - XSS

Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to model.php with a timestamp before 20090521.

CWE-79 Jun 02, 2009

CVE-2009-1880 EPSS 0.00

Mt312 Rep-bbs - XSS

Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) model.php and (2) config.php with timestamps before 20090521.

CWE-79 Jun 02, 2009

CVE-2009-1849 EPSS 0.00

Paessler Prtg Traffic Grapher < 6.2.977 - XSS

Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth function in PRTG Traffic Grapher 6.2.2.977 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jun 01, 2009

CVE-2009-1845 1 PoC Analysis EPSS 0.01

Lussumo Vanilla - XSS

Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in Lussumo Vanilla 1.1.5 and 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the RequestName parameter.

CWE-79 Jun 01, 2009

CVE-2009-1844 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x before 5.18 and 6.x before 6.12 allow (1) remote authenticated users to inject arbitrary web script or HTML via crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, which are not properly handled in the "HTML exports of books" feature; and (2) allow remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via the help text of an arbitrary vocabulary. NOTE: vector 1 exists because of an incomplete fix for CVE-2009-1575.

CWE-79 Jun 01, 2009

CVE-2009-1823 EPSS 0.01

Drupal Print - XSS

Cross-site scripting (XSS) vulnerability in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document head, before the Content-Type META element, to contain crafted UTF-8 byte sequences that are treated as UTF-7 by Internet Explorer 6 and 7, a related issue to CVE-2009-1575.

CWE-79 May 29, 2009

CVE-2009-1820 1 PoC Analysis EPSS 0.03

2daybiz Custom T-shirt Design Script - XSS

Cross-site scripting (XSS) vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CWE-79 May 29, 2009

CVE-2009-1811 1 PoC Analysis EPSS 0.03

Collector Mygesuad - XSS

Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to inject arbitrary web script or HTML via (1) the Page parameter in a List action to modules/ereignis.php, (2) the Kontext parameter in a Search action to modules/kategorie.php, (3) the image parameter to modules/image.php, or (4) the ID parameter in a Detail action to modules/sitzung.php.

CWE-79 May 29, 2009

CVE-2009-1809 1 PoC Analysis EPSS 0.03

Collector Mycolex - XSS

Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page parameter in a List action to modules/ereignis.php, (3) the Kontext parameter in a Search action to modules/kategorie.php, or (4) the image parameter to modules/image.php.

CWE-79 May 29, 2009

CVE-2009-1801 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to inject arbitrary web script or HTML via the (1) display parameter to reports.php, the (2) order and (3) extdisplay parameters to config.php, and the (4) sort parameter to recordings/index.php. NOTE: some of these details are obtained from third party information.

CWE-79 May 28, 2009

CVE-2009-1796 EPSS 0.01

SUN Java System Portal Server - XSS

Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page.

CWE-79 May 26, 2009

CVE-2009-1790 EPSS 0.01

Rescue < cgi_rescue_trees - XSS

Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before 2.11 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

CWE-79 May 26, 2009

CVE-2009-1785 EPSS 0.00

Ulteo Open Virtual Desktop - XSS

Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop 1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter to header.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 May 22, 2009

CVE-2009-1776 1 PoC Analysis EPSS 0.00

Matt Wright Formmail < 1.92 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in Matt Wright FormMail 1.92, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via javascript: URIs in the (1) request and (2) return_link_url parameters.

CWE-79 May 22, 2009

CVE-2009-1775 EPSS 0.00

Ulteo Open Virtual Desktop - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open Virtual Desktop 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) admin/applications.php, (2) admin/appsgroup.php, (3) admin/users.php, (4) admin/usersgroup.php, and (5) admin/tasks.php; (6) show parameter to admin/logs.php; and (7) mode parameter to admin/configuration-partial.php. NOTE: some of these details are obtained from third party information.

CWE-79 May 22, 2009

CVE-2009-1772 EPSS 0.00

Activecollab - XSS

Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate allows remote attackers to inject arbitrary web script or HTML via the re_route parameter to the login script.

CWE-79 May 22, 2009