CVE & Exploit Intelligence Database

CVE-2008-4634 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Movable Type 4 through 4.21 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to the administrative page, a different vulnerability than CVE-2008-4079.

CWE-79 Oct 21, 2008

CVE-2008-4629 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Oct 21, 2008

CVE-2008-4612 1 PoC Analysis EPSS 0.07

Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp and (2) content.asp.

CWE-79 Oct 20, 2008

CVE-2008-4601 1 PoC Analysis EPSS 0.02

Cross-site scripting (XSS) vulnerability in the login feature in Habari CMS 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the habari_username parameter.

CWE-79 Oct 18, 2008

CVE-2008-4596 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in generated pages.

CWE-79 Oct 17, 2008

CVE-2008-4591 1 PoC Analysis EPSS 0.03

Multiple cross-site scripting (XSS) vulnerabilities in admin/include/isadmin.inc.php in PhpWebGallery 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) lang[access_forbiden] and (2) lang[ident_title] parameters.

CWE-79 Oct 16, 2008

CVE-2008-4571 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the LiveSearch module in Plone before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the Description field for search results, as demonstrated using the onerror Javascript even in an IMG tag.

CWE-79 Oct 15, 2008

CVE-2008-4020 EPSS 0.31

Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability."

CWE-79 Oct 15, 2008

CVE-2008-4542 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before 4.2(1)ES162, 5.x before 5.0(1)ES56, and 7.x before 7.0(2)ES8 allows remote authenticated administrators to inject arbitrary web script or HTML by entering it in the database (aka data store).

CWE-79 Oct 13, 2008

CVE-2008-4411 EPSS 0.00

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.15.210 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2008-1663.

CWE-79 Oct 13, 2008

CVE-2008-4537 EPSS 0.01

Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.1.1-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17336 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4536.

CWE-79 Oct 10, 2008

CVE-2008-4536 EPSS 0.00

Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 Beta(RC) 2.2.0-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17319 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4535 and CVE-2008-4537.

CWE-79 Oct 10, 2008

CVE-2008-4535 EPSS 0.00

Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and earlier, EC-CUBE Ver2 Beta(RC) 2.2.0-beta and earlier, and EC-CUBE Community Edition Nighly-Build r17623 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4536 and CVE-2008-4537.

CWE-79 Oct 10, 2008

CVE-2008-4533 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CWE-79 Oct 10, 2008

CVE-2008-4532 1 PoC Analysis EPSS 0.03

Cross-site scripting (XSS) vulnerability in index.php in MaxiScript Website Directory allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action.

CWE-79 Oct 09, 2008

CVE-2008-4530 EPSS 0.00

Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a module for Drupal, allows remote authenticated users with permissions to inject arbitrary web script or HTML via unspecified vectors related to posting of answers.

CWE-79 Oct 09, 2008

CVE-2008-4520 EPSS 0.01

Cross-site scripting (XSS) vulnerability in bulk_update.pl in AutoNessus before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the remark parameter.

CWE-79 Oct 09, 2008

CVE-2008-4513 EPSS 0.01

Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags.

CWE-79 Oct 09, 2008

CVE-2008-4488 EPSS 0.00

Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) id parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Oct 08, 2008

CVE-2008-4485 EPSS 0.01

Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL.

CWE-79 Oct 08, 2008