Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2008-5807 EPSS 0.00

TestLink <1.8 RC1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.8 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) Testproject Names and (2) Testplan Names in planEdit.php, and possibly (3) Testcaseprefixes in projectview.tpl.

CWE-79 Dec 31, 2008

CVE-2008-5799 EPSS 0.00

TYPO3 fsmi_people <0.0.24 - XSS

Cross-site scripting (XSS) vulnerability in the Wir ber uns (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 31, 2008

CVE-2008-5795 EPSS 0.00

TYPO3 eluna Page Comments <1.1.2 - XSS

Cross-site scripting (XSS) vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 31, 2008

CVE-2008-5786 EPSS 0.00

Silva <1.6.3.2 - Silva <2.0.12.2 - Silva <2.1.0.2 - XSS

Cross-site scripting (XSS) vulnerability in the Silva Find extension 1.1.5 and earlier in Silva 1.x before 1.6.3.2, Silva 2.0 before 2.0.12.2, and Silva 2.1 before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the fulltext parameter.

CWE-79 Dec 31, 2008

CVE-2008-5770 1 PoC Analysis EPSS 0.05

PHP Weather 2.2.2 - XSS

Cross-site scripting (XSS) vulnerability in config/make_config.php in PHP Weather 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

CWE-79 Dec 30, 2008

CVE-2008-5769 EPSS 0.01

Kerio MailServer <6.6.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServer before 6.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) folder parameter to mailCompose.php or the (2) daytime parameter to calendarEdit.php. NOTE: some of these details are obtained from third party information.

CWE-79 Dec 30, 2008

CVE-2008-5761 1 PoC Analysis EPSS 0.07

FlatnuX CMS - XSS

Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter to the default URI; (2) the foto parameter to photo.php in the 05_Foto module; or (3) the name parameter in an insertrecord action to index.php in the 08_Files module, as demonstrated by injection within a SRC attribute of an IFRAME element.

CWE-79 Dec 30, 2008

CVE-2008-5760 EPSS 0.01

Kerio MailServer <6.6.2 - XSS

Cross-site scripting (XSS) vulnerability in error413.php in Kerio MailServer before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via the sent parameter. NOTE: some of these details are obtained from third party information.

CWE-79 Dec 30, 2008

CVE-2008-5759 1 PoC Analysis EPSS 0.00

FlatnuX CMS (aka Flatnuke3) - XSS

Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08_Files module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Dec 30, 2008

CVE-2008-5757 EPSS 0.00

Textpattern <4.0.6 - XSS

Cross-site scripting (XSS) vulnerability in textarea/index.php in Textpattern (aka Txp CMS) 4.0.6 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the Body parameter in an article action. NOTE: some of these details are obtained from third party information.

CWE-79 Dec 30, 2008

CVE-2008-5734 EPSS 0.00

IceWarp Software Merak Mail Server 9.3.2 - XSS

Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp Software Merak Mail Server 9.3.2 allows remote attackers to inject arbitrary web script or HTML via an IMG element in an HTML e-mail message.

CWE-79 Dec 26, 2008

CVE-2008-5729 1 PoC Analysis EPSS 0.03

AIST NetCat <3.12 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) form and (2) control parameters to FCKeditor/neditor.php, and the (3) path parameter to admin/siteinfo/iframe.inc.php.

CWE-79 Dec 26, 2008

CVE-2008-5720 EPSS 0.00

Mayaa <1.1.23 - XSS

Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the default error page for the org.seasar.mayaa.impl.engine.PageNotFoundException exception and possibly other exceptions.

CWE-79 Dec 26, 2008

CVE-2008-5719 EPSS 0.00

Hitachi Groupmax <06-52-/C-A - XSS

Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web Workflow SDK Set for Active Server Pages before 06-52-/C and Hitachi Groupmax Workflow - Development Kit for Active Server Pages before 06-52-/A allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 26, 2008

CVE-2008-5717 EPSS 0.00

Hitachi JP1/Integrated Management - XSS

Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated Management - Service Support 08-10 through 08-10-05, 08-11 through 08-11-03, and 08-50 through 08-50-03 on Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 26, 2008

CVE-2008-5250 EPSS 0.00

MediaWiki <1.6.11, <1.12.2, <1.13.3 - XSS

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, 1.12.x before 1.12.2, and 1.13.x before 1.13.3, when Internet Explorer is used and uploads are enabled, or an SVG scripting browser is used and SVG uploads are enabled, allows remote authenticated users to inject arbitrary web script or HTML by editing a wiki page.

CWE-79 Dec 19, 2008

CVE-2008-5249 EPSS 0.00

MediaWiki <1.13.3 - XSS

Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through 1.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 19, 2008

CVE-2008-0971 EPSS 0.00

Barracuda Networks Barracuda IM Firewall < 3.0.01.008 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retention Policy, and (6) GroupWise Sync components in Message Archiver; (7) input to search operations in Web Filter; and (8) input used in error messages and (9) hidden INPUT elements in (a) Spam Firewall, (b) IM Firewall, and (c) Web Filter.

CWE-79 Dec 19, 2008

CVE-2008-5682 EPSS 0.00

Opera <9.63 - XSS

Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates.

CWE-79 Dec 19, 2008

CVE-2008-5668 EPSS 0.00

Textpattern 4.0.5 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/index.php or (2) the name parameter to index.php in the comments preview section.

CWE-79 Dec 19, 2008

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps