CVE & Exploit Intelligence Database

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,325 CVEs tracked 53,302 with exploits 4,731 exploited in wild 1,542 CISA KEV 3,931 Nuclei templates 48,916 vendors 42,598 researchers

42,464 results Clear all

CVE-2008-6343 EPSS 0.00

Typo3 Tu-clausthal Odin - XSS

Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN (tuc_odin) extension 0.0.1, 0.1.0, 0.1.1, and 0.2.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Feb 27, 2009

CVE-2008-6341 EPSS 0.00

Typo3 SB Universal Plugin < 2.0.1 - XSS

Cross-site scripting (XSS) vulnerability in the SB Universal Plugin (SBuniplug) extension 2.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Feb 27, 2009

CVE-2008-6340 EPSS 0.00

Mathieu Vidal MV Vox Populi < 0.3.0 - XSS

Cross-site scripting (XSS) vulnerability in the Vox populi (mv_vox_populi) extension 0.3.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Feb 27, 2009

CVE-2008-6325 6 PoCs Analysis EPSS 0.00

Softbizscripts Classifieds Script - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) radio parameter to showcategory.php, (2) msg parameter to advertisers/signinform.php, (3) radio parameter to gallery.php, (4) msg parameter to lostpassword.php, (5) radio parameter to showcategory.php, (6) msg parameter to admin/adminhome.php, and (7) msg parameter to admin/index.php. NOTE: a different signinform.php file is already covered by CVE-2008-6306.

CWE-79 Feb 27, 2009

CVE-2008-6306 1 PoC Analysis EPSS 0.00

Softbizscripts Classifieds Script - XSS

Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz Classifieds Script allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Feb 26, 2009

CVE-2009-0524 EPSS 0.02

Adobe RoboHelp <7 - XSS

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp.

CWE-79 Feb 26, 2009

CVE-2009-0523 EPSS 0.02

Adobe RoboHelp Server <7 - XSS

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled when displaying the Help Errors log.

CWE-79 Feb 26, 2009

CVE-2008-6299 EPSS 0.00

Joomla < 1.5.7 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 and earlier allow remote authenticated users with certain privileges to inject arbitrary web script or HTML via (1) the title and description parameters to the com_weblinks module and (2) unspecified vectors in the com_content module related to "article submission."

CWE-79 Feb 26, 2009

CVE-2008-6297 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in order.php in DHCart allows remote attackers to inject arbitrary web script or HTML via the (1) domain and (2) d1 parameters.

CWE-79 Feb 26, 2009

CVE-2008-6295 EPSS 0.00

Camera Life - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4) folder.php; page parameter and REQUEST_URI to (5) login.php; ver parameter to (6) media.php; theme parameter to (7) modules/iconset/iconset-debug.php; and the REQUEST_URI to (8) index.php.

CWE-79 Feb 26, 2009

CVE-2008-6283 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote attackers to inject arbitrary web script or HTML via a comment, related to "the feature which converts URLs to anchor tags."

CWE-79 Feb 25, 2009

CVE-2008-6280 1 PoC Analysis EPSS 0.15

Cisco Wrt160n - XSS

Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys WRT160N allows remote attackers to inject arbitrary web script or HTML via the action parameter in a DHCP_Static operation.

CWE-79 Feb 25, 2009

CVE-2008-6278 1 PoC Analysis EPSS 0.01

Rakhisoftware Shopping Cart - XSS

Multiple cross-site scripting (XSS) vulnerabilities in product.php in RakhiSoftware Price Comparison Script (aka Shopping Cart) allow remote attackers to inject arbitrary web script or HTML via the (1) category_id and (2) subcategory_id parameters.

CWE-79 Feb 25, 2009

CVE-2008-6275 EPSS 0.00

Drupal User Karma Module < 5.x-1.12 - XSS

Cross-site scripting (XSS) vulnerability in the User Karma module 5.x before 5.x-1.13 and 6.x before 6.x-1.0-beta1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified messages.

CWE-79 Feb 25, 2009

CVE-2009-0737 EPSS 0.01

MediaWiki <1.6.12-1.13.4 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Feb 25, 2009

CVE-2009-0736 EPSS 0.00

Pebble <2.3.2 - XSS

Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Feb 25, 2009

CVE-2009-0541 3 PoCs Analysis EPSS 0.01

Magento 1.2.0-1.2.1.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 and 1.2.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username field in an admin/ request to index.php, possibly related to the login[username] parameter and the app/code/core/Mage/Admin/Model/Session.php login function; (2) the email address field in an admin/index/forgotpassword/ request to index.php, possibly related to the email parameter and the app/code/core/Mage/Adminhtml/controllers/IndexController.php forgotpasswordAction function; or (3) the return parameter to the default URI under downloader/.

CWE-79 Feb 25, 2009

CVE-2009-0540 EPSS 0.00

Libero <5.5 SP1 - XSS

Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and possibly other versions before 5.5 SP1, allows remote attackers to inject arbitrary web script or HTML via the search term field.

CWE-79 Feb 25, 2009

CVE-2008-6267 1 PoC Analysis EPSS 0.02

Sadi Samami Multi Languages Webshop Online - XSS

Cross-site scripting (XSS) vulnerability in detail.php in Multi Languages WebShop Online 1.02 allows remote attackers to inject arbitrary web script or HTML via the name parameter.

CWE-79 Feb 25, 2009

CVE-2008-6259 1 PoC Analysis EPSS 0.04

Quadcomm Q-shop < 3.0 - XSS

Cross-site scripting (XSS) vulnerability in search.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the srkeys parameter.

CWE-79 Feb 24, 2009