CVE & Exploit Intelligence Database

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked 53,278 with exploits 4,730 exploited in wild 1,542 CISA KEV 3,929 Nuclei templates 37,826 vendors 42,568 researchers

42,457 results Clear all

CVE-2007-6346 EPSS 0.01

Rainboard <2.10 - XSS

Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 13, 2007

CVE-2007-6343 EPSS 0.01

HP OpenView Network Node Manager - XSS

Cross-site scripting (XSS) vulnerability in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 13, 2007

CVE-2007-5000 EPSS 0.77

Apache HTTP Server < 1.3.39 - XSS

Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 13, 2007

CVE-2007-6321 1 PoC Analysis EPSS 0.07

RoundCube webmail <2007-12-09 - XSS

Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands.

CWE-79 Dec 12, 2007

CVE-2007-6316 1 PoC Analysis EPSS 0.05

BarracudaDrive <3.8 - XSS

Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server before 3.8 allows remote attackers to inject arbitrary web script or HTML via the URI path in an HTTP GET request, which is activated by administrators viewing log files via the Trace page.

CWE-79 Dec 12, 2007

CVE-2007-6309 2 PoCs Analysis EPSS 0.07

webSPELL 4.1.2 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in index.php in webSPELL 4.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the galleryID parameter in a usergallery upload action; or the (2) upID, (3) tag, (4) month, (5) userID, or (6) year parameter in a calendar announce action.

CWE-79 Dec 11, 2007

CVE-2007-6306 EPSS 0.02

JFreeChart 1.0.8 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the image map feature in JFreeChart 1.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) chart name or (2) chart tool tip text; or the (3) href, (4) shape, or (5) coords attribute of a chart area.

CWE-79 Dec 11, 2007

CVE-2007-6312 EPSS 0.01

Websense Enterprise/Web Security Suite 6.3 - XSS

Cross-site scripting (XSS) vulnerability in the logon page in Web Reporting Tools portal in Websense Enterprise and Web Security Suite 6.3 allows remote attackers to inject arbitrary web script or HTML via the username field.

CWE-79 Dec 11, 2007

CVE-2007-6310 1 PoC Analysis EPSS 0.12

Falt4Extreme RC4 10.9.2007 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme RC4 10.9.2007 allow remote attackers to inject arbitrary web script or HTML via the handler parameter to (1) index.php and possibly (2) admin/index.php, and (3) the topic parameter to modules/feed/feed.php (aka modules/feed.php).

CWE-79 Dec 11, 2007

CVE-2007-6308 EPSS 0.00

HttpLogger 0.8.1 - XSS

Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CWE-79 Dec 11, 2007

CVE-2007-6307 1 PoC Analysis EPSS 0.11

wwwstats 3.21 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header.

CWE-79 Dec 11, 2007

CVE-2007-6205 EPSS 0.01

S9Y Serendipity <1.2.1 - XSS

Cross-site scripting (XSS) vulnerability in the remote RSS sidebar plugin (serendipity_plugin_remoterss) in S9Y Serendipity before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via a link in an RSS feed.

CWE-79 Dec 11, 2007

CVE-2007-6287 EPSS 0.00

Lxlabs HyperVM 2.0 - XSS

Cross-site scripting (XSS) vulnerability in the login page in Lxlabs HyperVM 2.0 allows remote attackers to inject arbitrary web script or HTML via the frm_emessage parameter, a different vector than CVE-2006-6649. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Dec 10, 2007

CVE-2007-6297 2 PoCs Analysis EPSS 0.01

PHPMyChat 0.14.5 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML via the (1) LIMIT parameter to chat/deluser.php3, the (2) Link parameter to chat/edituser.php3, or the (3) LastCheck or (4) B parameter to chat/users_popupL.php3. NOTE: the FontName vectors for start_page.css.php3 and style.css.php3 are already covered by CVE-2005-1619. The medium vectors for start_page.css.php3 (start_page.css.php) and style.css.php3 (style.css.php), and the From vector for users_popupL.php3 (users_popupL.php), are already covered by CVE-2005-3991.

CWE-79 Dec 10, 2007

CVE-2007-6298 EPSS 0.00

Drupal 5.x - XSS

Cross-site scripting (XSS) vulnerability in the Shoutbox module for Drupal 5.x before Shoutbox 5.x-1.1 allows remote authenticated users to inject arbitrary web script or HTML via Shoutbox block messages.

CWE-79 Dec 10, 2007

CVE-2007-6301 1 PoC Analysis EPSS 0.06

OpenNewsletter <2.5 - XSS

Cross-site scripting (XSS) vulnerability in compose.php in OpenNewsletter 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the type parameter.

CWE-79 Dec 10, 2007

CVE-2007-6295 EPSS 0.00

IBM Lotus Sametime <8.0 - XSS

Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page in the online meeting center template in IBM Lotus Sametime before 8.0 allows remote attackers to inject arbitrary web script or HTML via the URI.

CWE-79 Dec 10, 2007

CVE-2007-6270 2 PoCs Analysis EPSS 0.11

Absolute News Manager.NET 5.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Absolute News Manager.NET 5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) rmore parameter to xlaabsolutenm.aspx and the (2) template parameter to pages/default.aspx.

CWE-79 Dec 07, 2007

CVE-2007-6274 EPSS 0.00

bcoos <1.0.10 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in modules/ecal/display.php in the Event Calendar in bcoos 1.0.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) day or (2) year parameter.

CWE-79 Dec 07, 2007

CVE-2007-5613 EPSS 0.04

Jetty < 6.1.6 - XSS

Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay Jetty before 6.1.6rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters and cookies.

CWE-79 Dec 05, 2007