Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2005-3528 EPSS 0.01

Tikiwiki Cms/groupware - XSS

Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remote attackers to inject arbitrary web script or HTML via the topics_offset parameter.

CWE-79 Nov 20, 2005

CVE-2005-3552 EPSS 0.01

Phpkit < 1.6.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title element and (7) logo alt attributes in forum postings, and the (8) Homepage field in the Guestbook.

CWE-79 Nov 16, 2005

CVE-2005-3570 EPSS 0.01

Horde - XSS

Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via "not properly escaped error messages".

CWE-79 Nov 16, 2005

CVE-2005-3511 EPSS 0.00

Spymac Web OS - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4.0 allow remote attackers to inject arbitrary web script or HTML via (a) the blogs module, including the (1) curr parameter in index.php, (2) inspire, (3) system, or (4) title parameter in blog_newentry.php, (5) entry parameter in blog_newentry_comment.php, (6) entry parameter in blog_edit_entry.php, or (7) caldate parameter in blog.php; and (b) the notes module, including the (1) forwardid parameter in a noteform action; (2) del_folder parameter in a delete_folder action; (3) isread, (4) dateorder, (5) subjectorder, (6) curr, (7) fromorder, or (8) action parameters; (9) ppp or (10) totalreplies parameter in an Inbox action; (11) totalnotes parameter; or (12) touserid parameter in a noteform action.

CWE-79 Nov 06, 2005

CVE-2005-3496 EPSS 0.01

Php Handicapper - XSS

Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php. NOTE: some sources identify a second vector in the login parameter to process_signup.php, but the original source says that it is for CRLF injection (CVE-2005-4712). Also note: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well. If so, followup investigation strongly suggests that the original report is correct.

CWE-79 Nov 04, 2005

CVE-2005-3283 EPSS 0.01

Tikiwiki Cms/groupware < 1.9.1 - XSS

Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CWE-79 Oct 23, 2005

CVE-2005-3205 EPSS 0.00

Oracle9i Database Server Release 2 9.0.2.4 - XSS

Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table.

CWE-79 Oct 14, 2005

CVE-2005-3047 EPSS 0.00

PhpMyFaq 1.5.1 - XSS

Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PMF_CONF[version] parameter to footer.php or (2) PMF_LANG[metaLanguage] to header.php.

CWE-79 Sep 24, 2005

CVE-2005-2981 EPSS 0.00

Orion <1.4.5 - XSS

Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page.

CWE-79 Sep 20, 2005

CVE-2005-2818 EPSS 0.00

DownFile 1.3 - XSS

Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php,(2) index.php, (3) del.php, or (4) add_form.php.

CWE-79 Sep 07, 2005

CVE-2005-2406 EPSS 0.00

Opera Browser - XSS

Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI.

CWE-79 Aug 01, 2005

CVE-2005-2254 EPSS 0.00

Gianluca Baldo Phpauction - XSS

Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description.

CWE-79 Jul 13, 2005

CVE-2005-2022 EPSS 0.00

SUN Iplanet Messaging Server - XSS

Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability.

CWE-79 Jun 17, 2005

CVE-2005-1669 EPSS 0.00

Opera Browser < 8.01 - XSS

Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains.

CWE-79 Jun 16, 2005

CVE-2005-0563 EPSS 0.23

Microsoft Exchange Server - XSS

Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web Access (OWA) component in Exchange Server 5.5 allows remote attackers to inject arbitrary web script or HTML via an email message with an encoded javascript: URL ("jav&#X41sc
ript:") in an IMG tag.

CWE-79 Jun 14, 2005

CVE-2005-1778 EPSS 0.00

Postnuke - XSS

Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter.

CWE-79 May 31, 2005

CVE-2005-1619 2 PoCs Analysis EPSS 0.04

Phpheaven Phpmychat - XSS

Multiple cross-site scripting (XSS) vulnerabilities in (1) start_page.css.php3 (aka start-page.css.php3) or (2) style.css.php3 in PHPMyChat 0.14.5 allow remote attackers to inject arbitrary web script or HTML commands via the FontName parameter. NOTE: it was later reported that 0.14.5 is also affected.

CWE-79 May 16, 2005

CVE-2005-1486 2 PoCs Analysis EPSS 0.17

FishCart 3.1 - XSS

Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable.

CWE-79 May 11, 2005

CVE-2005-0251 2 PoCs Analysis EPSS 0.03

Guillaumegardey Biborb - XSS

Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter.

CWE-79 May 02, 2005

CVE-2005-0896 1 PoC Analysis EPSS 0.00

Accomplishtechnology Phpmydirectory - XSS

Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter.

CWE-79 May 02, 2005

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps