CVE & Exploit Intelligence Database

CVE-2009-1079 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683.

CWE-79 Mar 25, 2009

CVE-2008-6515 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in Fritz Berger yet another php photo album - next generation (yappa-ng) allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.

CWE-79 Mar 24, 2009

CVE-2009-1047 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail.

CWE-79 Mar 23, 2009

CVE-2008-6510 1 PoC Analysis EPSS 0.05

Cross-site scripting (XSS) vulnerability in login.jsp in the Admin Console in Openfire 3.6.0a and earlier allows remote attackers to inject arbitrary web script or HTML via the url parameter.

CWE-79 Mar 23, 2009

CVE-2009-1035 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS).

CWE-79 Mar 20, 2009

CVE-2008-6503 2 PoCs Analysis EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop 1.1.0.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/login.php and (2) order.php.

CWE-79 Mar 20, 2009

CVE-2008-6501 1 PoC Analysis EPSS 0.03

Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro Chat Rooms 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the gud parameter.

CWE-79 Mar 20, 2009

CVE-2008-6500 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI.

CWE-79 Mar 20, 2009

CVE-2009-1030 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header.

CWE-79 Mar 20, 2009

CVE-2008-6495 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album - next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter.

CWE-79 Mar 20, 2009

CVE-2009-0971 EPSS 0.01

Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access Analyzer CGI Standard Version 3.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CWE-79 Mar 19, 2009

CVE-2009-0934 EPSS 0.01

Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs.

CWE-79 Mar 18, 2009

CVE-2009-0933 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the administrative interface in Dotclear before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Mar 17, 2009

CVE-2009-0931 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the tag cloud search script (horde/services/portal/cloud_search.php) in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Mar 17, 2009

CVE-2009-0930 EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) smime.php, (2) pgp.php, and (3) message.php.

CWE-79 Mar 17, 2009

CVE-2009-0917 EPSS 0.02

Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents, which are rendered in web browsers during inspection by PTK. NOTE: the vendor states that the product is intended for use in a laboratory with "no contact from / to internet."

CWE-79 Mar 16, 2009

CVE-2009-0915 EPSS 0.01

Opera before 9.64 allows remote attackers to conduct cross-domain scripting attacks via unspecified vectors related to plug-ins.

CWE-79 Mar 16, 2009

CVE-2008-6476 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CWE-79 Mar 16, 2009

CVE-2008-6465 NUCLEI EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the (1) err, (2) errorcode, and (3) login parameters.

CWE-79 Mar 13, 2009

CVE-2009-0877 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.

CWE-79 Mar 12, 2009