CVE & Exploit Intelligence Database

Updated 15m ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked 53,274 with exploits 4,730 exploited in wild 1,542 CISA KEV 3,929 Nuclei templates 37,826 vendors 42,555 researchers

42,457 results Clear all

CVE-2006-0101 EPSS 0.00

Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php.

CWE-79 Jan 06, 2006

CVE-2006-0063 EPSS 0.00

phpBB 2.0.19 - XSS

Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357.

CWE-79 Jan 05, 2006

CVE-2005-4658 EPSS 0.01

ASP-Programmers.com ASPKnowledgebase - XSS

Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface.

CWE-79 Dec 31, 2005

CVE-2005-4877 EPSS 0.00

Openfire 2.3.0 Beta 2 - XSS

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2 allows remote attackers to inject arbitrary web script or HTML via Javascript events in the username parameter, a different vulnerability than CVE-2005-4876.

CWE-79 Dec 31, 2005

CVE-2005-4876 EPSS 0.00

Openfire <2.3.0 - XSS

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-4877.

CWE-79 Dec 31, 2005

CVE-2005-4838 EPSS 0.08

Jakarta Tomcat <5.5.6 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries.

CWE-79 Dec 31, 2005

CVE-2005-4583 EPSS 0.02

VMware ESX Server <2.5.x - RCE

Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS).

CWE-79 Dec 29, 2005

CVE-2005-4491 3 PoCs Analysis EPSS 0.01

Sitekit CMS <6.6 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c) registration-form.html. NOTE: the vendor states "This issue was resolved by a minor update to Sitekit CMS v6.6, sanitising the html code and eradicating related security issues."

CWE-79 Dec 22, 2005

CVE-2005-4485 7 PoCs Analysis EPSS 0.01

ProjectApp <3.3 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp.

CWE-79 Dec 22, 2005

CVE-2005-4386 EPSS 0.00

Colony CMS <2.75 - XSS

Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.

CWE-79 Dec 20, 2005

CVE-2005-4245 1 PoC Analysis EPSS 0.01

Snipegallery Snipe Gallery < 3.1.4 - XSS

Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

CWE-79 Dec 14, 2005

CVE-2005-4247 1 PoC Analysis EPSS 0.00

Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter.

CWE-79 Dec 14, 2005

CVE-2005-3352 EPSS 0.26

Apache HTTP Server < 1.3.35 - XSS

Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.

CWE-79 Dec 13, 2005

CVE-2005-4190 EPSS 0.01

Horde Application Framework - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category and (3) Label search fields, (4) the Mobile Phone field, and (5) Date and (6) Time fields when importing CSV files, as exploited through modules such as (a) Turba Address Book, (b) Kronolith, (c) Mnemo, and (d) Nag.

CWE-79 Dec 13, 2005

CVE-2005-4161 1 PoC Analysis EPSS 0.01

Milliscripts - XSS

Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts 1.4 redirect script allow remote attackers to inject arbitrary web script or HTML via the domainname parameter to register.php, and other unspecified vectors. NOTE: the vendor has disputed this issue, stating "No invalid input can reach the script.

CWE-79 Dec 11, 2005

CVE-2005-4060 1 PoC Analysis EPSS 0.01

Rainworx Rwauction Pro - XSS

Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter.

CWE-79 Dec 07, 2005

CVE-2005-3955 2 PoCs Analysis EPSS 0.03

Blogbuddies - XSS

Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (2) rss_url parameter to (b) magpie_slashbox.php and (c) simple_smarty.php.

CWE-79 Dec 01, 2005

CVE-2005-3908 1 PoC Analysis EPSS 0.01

Amazon Shop < 5.0.0 - XSS

Cross-site scripting (XSS) vulnerability in search.php in GhostScripter Amazon Shop 5.0.0, and other versions before 5.0.2, allows remote attackers to inject web script or HTML via the query parameter.

CWE-79 Nov 30, 2005

CVE-2005-3770 2 PoCs Analysis EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the subject in a post, or the user parameter to (2) profile.php and (3) mail.php.

CWE-79 Nov 23, 2005

CVE-2005-3759 EPSS 0.01

Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments.

CWE-79 Nov 22, 2005