CVE & Exploit Intelligence Database

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,325 CVEs tracked 53,302 with exploits 4,731 exploited in wild 1,542 CISA KEV 3,931 Nuclei templates 48,916 vendors 42,598 researchers

42,464 results Clear all

CVE-2008-6168 1 PoC Analysis EPSS 0.02

Miniportail - XSS

Cross-site scripting (XSS) vulnerability in search.php in miniPortail 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified argument, probably the search string.

CWE-79 Feb 19, 2009

CVE-2005-4878 EPSS 0.00

ACID 0.9.6b20 & BASE 1.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to inject arbitrary web script or HTML via the sig[1] parameter and possibly other parameters, a different vulnerability than CVE-2007-6156.

CWE-79 Feb 18, 2009

CVE-2008-6161 EPSS 0.00

Sourceforge Wow Raid Manager < 3.5.0 - XSS

Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Feb 18, 2009

CVE-2009-0611 1 PoC Analysis EPSS 0.07

Novell Open Enterprise Server 1.x - XSS

Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter.

CWE-79 Feb 17, 2009

CVE-2009-0359 EPSS 0.00

Samizdat <0.6.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before 0.6.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) message title or (2) user full name.

CWE-79 Feb 17, 2009

CVE-2009-0603 EPSS 0.00

Drupal 5.10 - Link module 5.x-2.5 - XSS

Cross-site scripting (XSS) vulnerability in index.php in the Link module 5.x-2.5 for Drupal 5.10 allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via the description parameter (aka the Help field). NOTE: some of these details are obtained from third party information.

CWE-79 Feb 16, 2009

CVE-2009-0594 1 PoC Analysis EPSS 0.03

phpSkelSite 1.4 - XSS

Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite 1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

CWE-79 Feb 16, 2009

CVE-2008-6144 EPSS 0.00

Typo3 Wec Discussion Forum < 1.7.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029.

CWE-79 Feb 16, 2009

CVE-2008-6135 EPSS 0.00

EveryBlog 5.x-6.x - XSS

Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Feb 14, 2009

CVE-2008-6130 EPSS 0.00

MoziloWiki <1.0.1 - XSS

Cross-site scripting (XSS) vulnerability in index.php in moziloWiki 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) action and (2) page parameters.

CWE-79 Feb 13, 2009

CVE-2008-6127 EPSS 0.00

MoziloCMS <1.10.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php.

CWE-79 Feb 13, 2009

CVE-2009-0575 EPSS 0.00

Drupal Views Bulk Operations <5.x-1.3 & <6.x-1.4 - XSS

Cross-site scripting (XSS) vulnerability in the theme_views_bulk_operations_confirmation function in views_bulk_operations.module in Views Bulk Operations 5.x before 5.x-1.3 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to node titles. NOTE: some of these details are obtained from third party information.

CWE-79 Feb 13, 2009

CVE-2009-0573 2 PoCs Analysis EPSS 0.01

FotoWeb 6.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 (Build 273) allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to cmdrequest/Login.fwx and the (2) search parameter to Grid.fwx.

CWE-79 Feb 13, 2009

CVE-2009-0548 EPSS 0.00

ESET Remote Administrator <3.0.105 - XSS

Cross-site scripting (XSS) vulnerability in the Additional Report Settings interface in ESET Remote Administrator before 3.0.105 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information.

CWE-79 Feb 12, 2009

CVE-2009-0533 EPSS 0.00

Scripts for Sites EZ Reminder - XSS

Cross-site scripting (XSS) vulnerability in password.php in Scripts for Sites EZ Reminder allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Feb 11, 2009

CVE-2009-0532 EPSS 0.00

Scripts For Sites EZ Baby - XSS

Cross-site scripting (XSS) vulnerability in password.php in Scripts For Sites (SFS) EZ Baby allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Feb 11, 2009

CVE-2009-0529 1 PoC Analysis EPSS 0.03

SnippetMaster Webpage Editor 2.2.2 - XSS

Cross-site scripting (XSS) vulnerability in index.php in SnippetMaster Webpage Editor 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the language parameter.

CWE-79 Feb 11, 2009

CVE-2009-0526 1 PoC Analysis EPSS 0.03

AdaptCMS Lite 1.4 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdaptCMS Lite 1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) url and (2) acuparam parameters, and (3) the URI.

CWE-79 Feb 11, 2009

CVE-2009-0525 EPSS 0.00

Sajax 0.12 - XSS

Cross-site scripting (XSS) vulnerability in the sajax_get_common_js function in php/Sajax.php in Sajax 0.12 allows remote attackers to inject arbitrary web script or HTML via the URL parameter, which is not properly handled when using browsers that do not URL-encode requests, such as Internet Explorer 6. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Feb 11, 2009

CVE-2008-6113 EPSS 0.00

SemanticScuttle <0.90 - XSS

Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.90 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the (1) username and (2) profile page.

CWE-79 Feb 11, 2009