CVE & Exploit Intelligence Database

Updated 3h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked 53,281 with exploits 4,731 exploited in wild 1,542 CISA KEV 3,929 Nuclei templates 37,826 vendors 42,573 researchers

42,457 results Clear all

CVE-2008-1636 EPSS 0.00

JV2 Quick Gallery 1.1 - XSS

Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the f parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Apr 02, 2008

CVE-2008-1630 EPSS 0.00

CuteFlow 1.5.0-2.10.0 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 and 2.10.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) page/showcirculation.php; and (2) edittemplate_step2.php, (3) showfields.php, (4) showuser.php, (5) editmailinglist_step1.php, and (6) showtemplates.php in pages/.

CWE-79 Apr 02, 2008

CVE-2008-1629 EPSS 0.00

PHPkrm <1.5.0 - XSS

Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Apr 02, 2008

CVE-2008-1603 EPSS 0.00

GNB DesignForm <3.9 - XSS

Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the email form.

CWE-79 Apr 01, 2008

CVE-2008-1604 EPSS 0.00

PerlMailer <3.02 - XSS

Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Apr 01, 2008

CVE-2008-1560 2 PoCs Analysis EPSS 0.01

Digiappz DigiDomain 2.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Digiappz DigiDomain 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) domain parameter to lookup_result.asp, and the (2) word1 and (3) word2 parameters to suggest_result.asp.

CWE-79 Mar 31, 2008

CVE-2008-1566 EPSS 0.00

ManageEngine Apps Mgr 8.x - XSS

Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine Applications Manager 8.x allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Mar 31, 2008

CVE-2008-1556 1 PoC Analysis EPSS 0.07

BolinOS 4.6.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) system/actionspages/_b/contentFiles/gBImageViewer.php, (2) ForEditor parameter to (b) system/actionspages/_b/contentFiles/gBselectorContents.php, (3) the PATH_INFO to (c) gBLoginPage.php and (d) gBPassword.php in system/actionspages/_b/contentFiles/, (4) formlogin parameter to system/actionspages/_b/contentFiles/gBLoginPage.php, and the (5) bolini_searchengine46Search parameter to (e) help/index.php.

CWE-79 Mar 31, 2008

CVE-2008-1548 EPSS 0.00

Aeries Browser Interface <3.8.3.14 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to inject arbitrary web script or HTML via the (1) UserName parameter to loginproc.asp and the (2) usr parameter to Login.asp.

CWE-79 Mar 31, 2008

CVE-2008-1550 EPSS 0.00

CubeCart 4.2.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in index.php in CubeCart 4.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the _a parameter in a searchStr action and the (2) Submit parameter.

CWE-79 Mar 31, 2008

CVE-2008-1538 EPSS 0.00

ManageEngine EventLog Analyzer <10.0 - XSS

Cross-site scripting (XSS) vulnerability in searchAction.do in ManageEngine EventLog Analyzer 5 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Fixed in EventLog Analyzer 10.0 Build 10000.

CWE-79 Mar 28, 2008

CVE-2008-1536 EPSS 0.00

Pictures Pro Photo Cart 4.1 - XSS

Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro (aka Tim Grissett) Photo Cart 4.1 allows remote attackers to inject arbitrary web script or HTML via the amessage parameter. NOTE: some of these details are obtained from third party information.

CWE-79 Mar 28, 2008

CVE-2008-1234 EPSS 0.07

Mozilla Firefox <2.0.0.13 - XSS

Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."

CWE-79 Mar 27, 2008

CVE-2008-1510 1 PoC Analysis EPSS 0.01

Alkacon OpenCMS 7.0.3 - XSS

Cross-site scripting (XSS) vulnerability in system/workplace/admin/accounts/users_list.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) searchfilter or (2) listSearchFilter parameter.

CWE-79 Mar 25, 2008

CVE-2008-1499 1 PoC Analysis EPSS 0.02

cPanel <11.18.3,11.21.0-BETA - XSS

Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in cPanel 11.18.3 and 11.21.0-BETA allows remote attackers to inject arbitrary web script or HTML via the query string.

CWE-79 Mar 25, 2008

CVE-2008-1500 1 PoC Analysis EPSS 0.00

TinyPortal <1.0.3 - XSS

Cross-site scripting (XSS) vulnerability in index.php in TinyPortal 0.8.6 and 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Mar 25, 2008

CVE-2008-1503 EPSS 0.00

F5 BIG-IP 9.4.3 - XSS

Cross-site scripting (XSS) vulnerability in the web management interface in F5 BIG-IP 9.4.3 allows remote attackers to inject arbitrary web script or HTML via (1) the name of a node object, or the (2) sysContact or (3) sysLocation SNMP configuration field, aka "Audit Log XSS." NOTE: these issues might be resultant from cross-site request forgery (CSRF) vulnerabilities.

CWE-79 Mar 25, 2008

CVE-2008-1502 EPSS 0.01

KSES <1.4.003 - XSS

The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

CWE-79 Mar 25, 2008

CVE-2008-1504 1 PoC Analysis EPSS 0.00

phpHeaven phpMyChat 0.14.5 - XSS

Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven phpMyChat 0.14.5 allows remote attackers to inject arbitrary web script or HTML via the Lang parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Mar 25, 2008

CVE-2008-1485 EPSS 0.00

PunBB <1.2.16 - XSS

Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the get_host parameter to moderate.php.

CWE-79 Mar 24, 2008