CVE & Exploit Intelligence Database

CVE-2008-3130 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in index.php in OpenCart 0.7.7 allow remote attackers to inject arbitrary web script or HTML via the (1) firstname and (2) search parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Jul 10, 2008

CVE-2008-3121 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Xerox CentreWare Web (CWW) before 4.6.46 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 10, 2008

CVE-2008-3091 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger module 5.x before 5.x-1.8 for Drupal allows remote authenticated users, with create or edit post permissions, to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 09, 2008

CVE-2008-3088 1 PoC Analysis EPSS 0.04

Cross-site scripting (XSS) vulnerability in the Files module in Kasseler CMS 1.3.0 and 1.3.1 Lite allows remote attackers to inject arbitrary web script or HTML via the cid parameter in a Category action to index.php.

CWE-79 Jul 09, 2008

CVE-2008-3097 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Tinytax module (aka Tinytax taxonomy block) 5.x before 5.x-1.10-1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML, probably by creating a crafted taxonomy term.

CWE-79 Jul 09, 2008

CVE-2008-3095 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before 6.x-1.0-RC1, a module for Drupal, allows remote authenticated users, with group owner permissions, to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 09, 2008

CVE-2008-2991 6.1 MEDIUM EPSS 0.03

Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log.

CWE-79 Jul 09, 2008

CVE-2008-3082 EPSS 0.00

Cross-site scripting (XSS) vulnerability in UPM/English/login/login.asp in Commtouch Enterprise Anti-Spam Gateway 4 and 5 allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter.

CWE-79 Jul 09, 2008

CVE-2007-3653 2 PoCs Analysis EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php.

CWE-79 Jul 09, 2008

CVE-2008-1663 EPSS 0.00

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) 2.1.10 and 2.1.11 on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 09, 2008

CVE-2008-2247 EPSS 0.23

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.

CWE-79 Jul 08, 2008

CVE-2008-2248 EPSS 0.24

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.

CWE-79 Jul 08, 2008

CVE-2008-3069 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in MyBB before 1.2.13 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) portal.php and (2) inc/functions_post.php.

CWE-79 Jul 08, 2008

CVE-2008-2800 EPSS 0.02

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via vectors involving (1) an event handler attached to an outer window, (2) a SCRIPT element in an unloaded document, or (3) the onreadystatechange handler in conjunction with an XMLHttpRequest.

CWE-79 Jul 07, 2008

CVE-2008-2808 EPSS 0.02

Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not properly escape HTML in file:// URLs in directory listings, which allows remote attackers to conduct cross-site scripting (XSS) attacks or have unspecified other impact via a crafted filename.

CWE-79 Jul 07, 2008

CVE-2008-3029 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum (wec_discussion) extension 1.6.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 07, 2008

CVE-2008-3028 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card (sr_sendcard) extension 2.2.2 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 07, 2008

CVE-2008-3032 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the phpMyAdmin (phpmyadmin) extension 3.0.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 07, 2008

CVE-2008-3037 EPSS 0.00

Cross-site scripting (XSS) vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Jul 07, 2008

CVE-2008-3023 EPSS 0.24

Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and earlier, and 3.6.3 dev3 and earlier development versions, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2005-1799.

CWE-79 Jul 07, 2008