CVE & Exploit Intelligence Database

Updated 2h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,495 CVEs tracked 53,311 with exploits 4,732 exploited in wild 1,543 CISA KEV 3,933 Nuclei templates 48,945 vendors 42,609 researchers

42,486 results Clear all

CVE-2008-6724 EPSS 0.00

Patrick Matthai Pnopaste - XSS

Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste 1.0 allows remote attackers to inject arbitrary web script or HTML via the language parameter. NOTE: some of these details are obtained from third party information.

CWE-79 Apr 17, 2009

CVE-2009-1294 1 PoC Analysis EPSS 0.02

Novell Teaming - XSS

Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.

CWE-79 Apr 16, 2009

CVE-2009-0237 EPSS 0.42

Microsoft Forefront TMG MBE/ISA Server - XSS

Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability."

CWE-79 Apr 15, 2009

CVE-2009-1288 2 PoCs Analysis EPSS 0.11

IBM Advanced Management Module - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to private/file_management.ssi in the File manager.

CWE-79 Apr 13, 2009

CVE-2009-1287 1 PoC Analysis EPSS 0.02

Cisco Subscriber Edge Services Manager - XSS

Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: some of these details are obtained from third party information.

CWE-79 Apr 13, 2009

CVE-2008-6715 1 PoC Analysis EPSS 0.02

Preprojects Pre Ads Portal < 2.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) homeadmin/adminhome.php and (2) homeadmin/signinform.php.

CWE-79 Apr 13, 2009

CVE-2008-6700 1 PoC Analysis EPSS 0.02

Butterflymedia Butterfly Organizer - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Butterfly Organizer 2.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) mytable parameter to view.php, (2) mytable parameter to viewdb2.php, (3) tablehere parameter to category-rename.php, and (4) letter parameter to module-contacts.php.

CWE-79 Apr 10, 2009

CVE-2008-6699 EPSS 0.00

Typo3 < 0.1.0 - XSS

Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CWE-79 Apr 10, 2009

CVE-2008-6698 EPSS 0.00

Michael Fritz Worldcup - XSS

Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CWE-79 Apr 10, 2009

CVE-2008-6688 EPSS 0.00

Kevin Renskers Dmmjobcontrol < 1.15.0 - XSS

Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CWE-79 Apr 10, 2009

CVE-2008-6687 EPSS 0.00

David Cadu Dcdgooglemap < 1.1.0 - XSS

Cross-site scripting (XSS) vulnerability in DCD GoogleMap (dcdgooglemap) 1.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CWE-79 Apr 10, 2009

CVE-2008-6683 1 PoC Analysis EPSS 0.02

Yourfreeworld Apartment Search Script - XSS

Cross-site scripting (XSS) vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter.

CWE-79 Apr 10, 2009

CVE-2009-1281 1 PoC Analysis EPSS 0.00

Glfusion < 1.1.2 - XSS

Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Apr 09, 2009

CVE-2009-1279 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component.

CWE-79 Apr 09, 2009

CVE-2008-6682 EPSS 0.01

Apache Struts < 2.0.11.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.x before 2.0.11.1 and 2.1.x before 2.1.1 allow remote attackers to inject arbitrary web script or HTML via vectors associated with improper handling of (1) " (double quote) characters in the href attribute of an s:a tag and (2) parameters in the action attribute of an s:url tag.

CWE-79 Apr 09, 2009

CVE-2008-6681 EPSS 0.00

Dojo < 1.0 - XSS

Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo before 1.1 allows remote attackers to inject arbitrary web script or HTML via XML entities in a TEXTAREA element.

CWE-79 Apr 09, 2009

CVE-2008-2025 EPSS 0.03

Apache Struts <1.2.9 - XSS

Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "insufficient quoting of parameters."

CWE-79 Apr 09, 2009

CVE-2007-6726 EPSS 0.02

Dojo 0.4.1-0.4.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and 0.4.2, as used in Apache Struts and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) xip_client.html and (2) xip_server.html in src/io/.

CWE-79 Apr 09, 2009

CVE-2008-6675 1 PoC Analysis EPSS 0.00

Quickersite - XSS

Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite 1.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the close parameter to showThumb.aspx; (2) SB_redirect and (3) SB_feedback parameters in process_send.asp, as reachable through default.asp; (4) paramCode and (5) cColor parameters to picker.asp; and the (6) query string, (7) Referer header, and (8) X-FORWARDED-FOR header to rss.asp.

CWE-79 Apr 08, 2009

CVE-2008-6666 EPSS 0.00

Kronos Webta - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA allow remote attackers to inject arbitrary web script or HTML via the description field to (1) servlet/com.threeis.webta.H710selProject and (2) servlet/com.threeis.webta.H720editProjectInfo. NOTE: BID:29610 states that the initial report was incorrect, but the reason for this conclusion is unknown.

CWE-79 Apr 08, 2009