Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2008-3779 1 PoC Analysis EPSS 0.04

Five Star Review Script - XSS

Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action.

CWE-79 Aug 26, 2008

CVE-2008-3781 EPSS 0.00

GMOD GBrowse <1.69 - XSS

Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Aug 26, 2008

CVE-2008-3773 1 PoC Analysis EPSS 0.04

vBulletin <3.7.2 PL1, <3.6.10 PL3 - XSS

Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]).

CWE-79 Aug 22, 2008

CVE-2008-3771 1 PoC Analysis EPSS 0.03

Pars4u Videosharing - XSS

Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter.

CWE-79 Aug 22, 2008

CVE-2008-3758 1 PoC Analysis EPSS 0.08

Lussumo Vanilla <1.1.4 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. NOTE: some of these details are obtained from third party information.

CWE-79 Aug 21, 2008

CVE-2008-3735 EPSS 0.00

PHPizabi <848 - XSS

Cross-site scripting (XSS) vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action.

CWE-79 Aug 20, 2008

CVE-2008-3726 EPSS 0.01

MicroWorld Technologies MailScan <5.6.a - XSS

Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI.

CWE-79 Aug 20, 2008

CVE-2008-3730 EPSS 0.00

Nordicwind Document Management System <3.2.2 - XSS

Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Aug 20, 2008

CVE-2008-3712 2 PoCs Analysis EPSS 0.04

Mambo 4.6.2-4.6.5 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php.

CWE-79 Aug 19, 2008

CVE-2008-3715 1 PoC Analysis EPSS 0.03

FlexCMS <2.5 - XSS

Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter.

CWE-79 Aug 19, 2008

CVE-2008-3714 1 PoC Analysis EPSS 0.04

AWStats 6.8 - XSS

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.

CWE-79 Aug 19, 2008

CVE-2008-3709 EPSS 0.00

CyBoards PHP Lite 1.21 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) lNavReturn parameter to options.php; or the (4) lNavReturn parameter to subscribe.php.

CWE-79 Aug 19, 2008

CVE-2008-3700 2 PoCs Analysis EPSS 0.03

Kayako SupportSuite <3.20.02 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.

CWE-79 Aug 15, 2008

CVE-2008-3679 2 PoCs Analysis EPSS 0.01

IDevSpot PhpLinkExchange 1.01 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action; or (6) the id parameter in a tellafriend action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Aug 14, 2008

CVE-2008-3678 EPSS 0.00

Freeway <1.4.2.197 - XSS

Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL.

CWE-79 Aug 14, 2008

CVE-2008-3668 6 PoCs Analysis EPSS 0.00

Yogurt Social Network module 3.2 rc1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap.

CWE-79 Aug 13, 2008

CVE-2008-3516 EPSS 0.02

Adobe Presenter <7.0.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3515.

CWE-79 Aug 13, 2008

CVE-2008-3515 EPSS 0.02

Adobe Presenter <7.0.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516.

CWE-79 Aug 13, 2008

CVE-2008-3596 EPSS 0.00

Harmoni <1.4.7 - XSS

Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator.

CWE-79 Aug 12, 2008

CVE-2008-3587 1 PoC Analysis EPSS 0.02

Chris Bunting Homes 4 Sale - XSS

Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter.

CWE-79 Aug 11, 2008

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps