CVE & Exploit Intelligence Database

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked 53,293 with exploits 4,731 exploited in wild 1,542 CISA KEV 3,930 Nuclei templates 37,826 vendors 42,585 researchers

42,457 results Clear all

CVE-2008-4118 EPSS 0.00

High Norm Sound Master 2nd - XSS

Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 18, 2008

CVE-2008-3622 EPSS 0.00

Apple Mac OS X 10.5-10.5.4 - XSS

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5 through 10.5.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message that reaches a mailing-list archive, aka "persistent JavaScript injection."

CWE-79 Sep 16, 2008

CVE-2008-4089 1 PoC Analysis EPSS 0.03

Myphpnuke < 1.8.8_8 - XSS

Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke (MPN) before 1.8.8_8rc2 allows remote attackers to inject arbitrary web script or HTML via the sid parameter.

CWE-79 Sep 15, 2008

CVE-2008-4083 1 PoC Analysis EPSS 0.01

Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in Brim 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in an addItemPost action to index.php. NOTE: some of these details are obtained from third party information.

CWE-79 Sep 15, 2008

CVE-2008-4079 EPSS 0.00

SIX Apart Movable Type < 1.54 - XSS

Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 15, 2008

CVE-2008-4076 EPSS 0.00

TOR World Interactive Bbs < 1.57 - XSS

Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board 1.3 and earlier, (2) Topics BBS 1.11 and earlier, (3) Simple BBS 1.86 and earlier, and (4) Interactive BBS 1.57 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-0917.

CWE-79 Sep 15, 2008

CVE-2008-3824 1 PoC Analysis EPSS 0.01

Horde 3.1.x-3.1.9, Horde 3.2.x-3.2.2, Popoon r22196 - XSS

Cross-site scripting (XSS) vulnerability in (1) Text_Filter/Filter/xss.php in Horde 3.1.x before 3.1.9 and 3.2.x before 3.2.2 and (2) externalinput.php in Popoon r22196 and earlier allows remote attackers to inject arbitrary web script or HTML by using / (slash) characters as replacements for spaces in an HTML e-mail message.

CWE-79 Sep 12, 2008

CVE-2008-3823 1 PoC Analysis EPSS 0.01

Horde 3.2.x <3.2.2 - XSS

Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in the MIME library in Horde 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of a MIME attachment in an e-mail message.

CWE-79 Sep 12, 2008

CVE-2008-4056 1 PoC Analysis EPSS 0.00

Matterdaddy Market - XSS

Cross-site scripting (XSS) vulnerability in admin/login.php in Matterdaddy Market 1.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Sep 11, 2008

CVE-2008-4053 1 PoC Analysis EPSS 0.00

Bluemoon PopnupBLOG <3.20-3.30 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in index.php in the Bluemoon PopnupBLOG module 3.20 and 3.30 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the (1) param, (2) cat_id, and (3) view parameters.

CWE-79 Sep 11, 2008

CVE-2008-4051 1 PoC Analysis EPSS 0.01

Smart Survey 1.0 - XSS

Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart Survey 1.0 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Sep 11, 2008

CVE-2008-4045 EPSS 0.00

@Mail 5.42 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php.

CWE-79 Sep 11, 2008

CVE-2008-3968 EPSS 0.00

PunBB <1.2.20 - XSS

Cross-site scripting (XSS) vulnerability in userlist.php in PunBB before 1.2.20 allows remote attackers to inject arbitrary web script or HTML via the p parameter.

CWE-79 Sep 11, 2008

CVE-2008-3966 EPSS 0.00

MyBB <1.4.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in inc/functions_online.php, and certain (3) tsubject and (4) psubject fields in moderation.php.

CWE-79 Sep 11, 2008

CVE-2008-3664 9 PoCs Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php, (3) the title parameter to activities/some.php, (4) the company_name parameter to companies/some.php, (5) the last_name parameter to contacts/some.php, (6) the campaign_title parameter to campaigns/some.php, (7) the opportunity_title parameter to opportunities/some.php, (8) the case_title parameter to cases/some.php, (9) the file_id parameter to files/some.php, or (10) the starting parameter to reports/custom/mileage.php, a related issue to CVE-2008-1129.

CWE-79 Sep 05, 2008

CVE-2008-3935 6.1 MEDIUM EPSS 0.00

DIC shop_v50 <3.0, shop_v52 <2.0 - XSS

Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Sep 05, 2008

CVE-2008-3937 6.1 MEDIUM 3 PoCs Analysis EPSS 0.00

OpenDb 1.0.6 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the (2) title parameter to listings.php, and the (3) redirect_url parameter to user_profile.php.

CWE-79 Sep 05, 2008

CVE-2008-3941 1 PoC Analysis EPSS 0.02

BizDirectory <2.04 - XSS

Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI.

CWE-79 Sep 05, 2008

CVE-2008-3923 1 PoC Analysis EPSS 0.04

CMME 1.12 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action.

CWE-79 Sep 04, 2008

CVE-2008-3917 1 PoC Analysis EPSS 0.03

Ovidentia 6.6.5 - XSS

Cross-site scripting (XSS) vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter in a search action.

CWE-79 Sep 04, 2008