CVE & Exploit Intelligence Database

CVE-2009-1261 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9.1.22 (evaluation version) allow remote attackers to inject arbitrary web script or HTML via the (1) Report Name, (2) Asset No., and (3) Full Name fields in a Models action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Apr 07, 2009

CVE-2009-0796 1 PoC Analysis EPSS 0.61

Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI.

CWE-79 Apr 07, 2009

CVE-2008-6655 3 PoCs Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL 2 allow remote attackers to inject arbitrary web script or HTML via the (1) nom_branche and (2) nom parameters to php/prenom.php; the (3) nom_branche parameter to php/index.php; and the (4) nom_branche, (5) nom, and (6) prenom parameters to php/info.php.

CWE-79 Apr 07, 2009

CVE-2008-6654 EPSS 0.00

Cross-site scripting (XSS) vulnerability in search_results.php in InfoBiz Server allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.

CWE-79 Apr 07, 2009

CVE-2008-6646 EPSS 0.00

Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix phpAddressBook 2.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

CWE-79 Apr 07, 2009

CVE-2008-6645 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel 0.7 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header ($_SERVER ['HTTP_USER_AGENT']), which is not properly handled when displaying log files.

CWE-79 Apr 07, 2009

CVE-2008-6644 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

CWE-79 Apr 07, 2009

CVE-2008-6637 1 PoC Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in Library Video Company SAFARI Montage 3.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) school and (2) email parameters.

CWE-79 Apr 07, 2009

CVE-2008-6631 1 PoC Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in index.php in BlogPHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) user parameter in a sendmessage action and the (2) username parameter when registering a new user, different vectors than CVE-2008-0679.

CWE-79 Apr 07, 2009

CVE-2008-6629 1 PoC Analysis EPSS 0.03

Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

CWE-79 Apr 06, 2009

CVE-2008-6620 1 PoC Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php in GraFX miniCWB 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) errcontext, (2) _GET, (3) _POST, (4) _SESSION, (5) _SERVER, and (6) fckphp_config[Debug_SERVER] parameters.

CWE-79 Apr 06, 2009

CVE-2008-6616 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in index.php in Zen Software Zen Cart 2008 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in the advanced_search_result page. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Apr 06, 2009

CVE-2009-1249 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x before 5.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the content title in admin/content/node-type/nodetype/map.

CWE-79 Apr 06, 2009

CVE-2008-6609 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote attackers to inject arbitrary web script or HTML via the path parameter.

CWE-79 Apr 06, 2009

CVE-2008-6607 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 Beta allows remote attackers to inject arbitrary web script or HTML via the thema parameter.

CWE-79 Apr 06, 2009

CVE-2008-6600 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the search feature in XMLPortal 3.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

CWE-79 Apr 03, 2009

CVE-2008-6597 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in upload/install/index.php in PHCDownload 1.1 allows remote attackers to inject arbitrary web script or HTML via the step parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Apr 03, 2009

CVE-2008-6589 EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy "no database" (aka flat) version 1.2.2, and possibly SQLite version 1.2.2, allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) index.php and (2) LightNEasy.php.

CWE-79 Apr 03, 2009

CVE-2009-1228 1 PoC Analysis EPSS 0.03

Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter).

CWE-79 Apr 02, 2009

CVE-2009-1225 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook Store 1.1 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a search action.

CWE-79 Apr 02, 2009