Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2005-0251 2 PoCs Analysis EPSS 0.03

Guillaumegardey Biborb - XSS

Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter.

CWE-79 May 02, 2005

CVE-2005-0477 1 PoC Analysis EPSS 0.01

Invision Power Services Invision Power Board - XSS

Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url.

CWE-79 Mar 30, 2005

CVE-2005-0485 EPSS 0.01

Phparena Panews - XSS

Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter.

CWE-79 Mar 30, 2005

CVE-2005-0543 4 PoCs Analysis EPSS 0.03

Phpmyadmin - XSS

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.

CWE-79 Feb 24, 2005

CVE-2004-2742 EPSS 0.01

Businessobjects Crystal Enterprise - XSS

Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file.

CWE-79 Dec 31, 2004

CVE-2004-2741 EPSS 0.01

Horde Application Framework - XSS

Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters.

CWE-79 Dec 31, 2004

CVE-2004-2688 EPSS 0.00

Newsphp - XSS

Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. NOTE: this issue might overlap vector 3 in CVE-2006-3358.

CWE-79 Dec 31, 2004

CVE-2004-2725 1 PoC Analysis EPSS 0.01

Aztek Forum - XSS

Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in (a) search.php, (2) the email parameter in (b) subscribe.php, and (3) the return and (4) title parameters in (c) forum_2.php.

CWE-79 Dec 31, 2004

CVE-2004-2756 1 PoC Analysis EPSS 0.00

Xoops - XSS

Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters.

CWE-79 Dec 31, 2004

CVE-2004-1863 EPSS 0.01

Xmb - XSS

Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php.

CWE-79 Dec 31, 2004

CVE-2004-2702 1 PoC Analysis EPSS 0.08

Swsoft Plesk - XSS

Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451.

CWE-79 Dec 31, 2004

CVE-2004-1417 1 PoC Analysis EPSS 0.01

Psychostats < 2.2.4 - XSS

Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.

CWE-79 Dec 31, 2004

CVE-2004-1424 EPSS 0.01

Moodle - XSS

Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CWE-79 Dec 31, 2004

CVE-2004-2735 EPSS 0.01

Fredric Fredricson P4db < 2.01 - XSS

Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) SET_PREFERENCES parameter in SetPreferences.cgi; (2) BRANCH parameter in branchView.cgi; (3) FSPC and (4) COMPLETE parameters in changeByUsers.cgi; (5) FSPC, (6) LABEL, (7) EXLABEL, (8) STATUS, (9) MAXCH, (10) FIRSTCH, (11) CHOFFSETDISP, (12) SEARCHDESC, (13) SEARCH_INVERT, (14) USER, (15) GROUP, and (16) CLIENT parameters in changeList.cgi; (17) CH parameter in changeView.cgi; (18) USER parameter in clientList.cgi; (19) CLIENT parameter in clientView.cgi; (20) FSPC parameter in depotTreeBrowser.cgi; (21) FSPC parameter in depotStats.cgi; (22) FSPC, (23) REV, (24) ACT, (25) FSPC2, (26) REV2, (27) CH, and (28) CONTEXT parameters in fileDiffView.cgi; (29) FSPC and (30) REV parameters in fileDownLoad.cgi; (31) FSPC, (32) LISTLAB, and (33) SHOWBRANCH parameters in fileLogView.cgi; (34) FSPC and (35) LABEL parameters in fileSearch.cgi; (36) FSPC, (37) REV, and (38) FORCE parameters in fileViewer.cgi; (39) FSPC parameter in filesChangedSince.cgi; (40) GROUP parameter in groupView.cgi; (41) TYPE, (42) FSPC, and (43) REV parameters in htmlFileView.cgi; (44) CMD parameter in javaDataView.cgi; (45) JOBVIEW and (46) FLD parameters in jobList.cgi; (47) JOB parameter in jobView.cgi; (48) LABEL1 and (49) LABEL2 parameters in labelDiffView.cgi; (50) LABEL parameter in labelView.cgi; (51) FSPC parameter in searchPattern.cgi; (52) TYPE, (53) FSPC, and (54) REV parameters in specialFileView.cgi; (55) GROUPSONLY parameter in userList.cgi; or (56) USER parameter in userView.cgi.

CWE-79 Dec 31, 2004

CVE-2004-2752 EPSS 0.00

Postnuke - XSS

Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action.

CWE-79 Dec 31, 2004

CVE-2004-2755 EPSS 0.01

Symantec Web Security - XSS

Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages.

CWE-79 Dec 31, 2004

CVE-2004-2757 EPSS 0.00

Novell Ichain < 2.2 - XSS

Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter.

CWE-79 Dec 31, 2004

CVE-2004-2704 EPSS 0.25

Hastymail < 1.0.1 - XSS

Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks.

CWE-79 Dec 31, 2004

CVE-2004-2701 1 PoC Analysis EPSS 0.01

Aspdotnetstorefront - XSS

Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.

CWE-79 Dec 31, 2004

CVE-2004-2720 1 PoC Analysis EPSS 0.09

Snitz Communications Snitz Forums 2000 < 3.4.04 - XSS

Cross-site scripting (XSS) vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via javascript events in the Email parameter.

CWE-79 Dec 31, 2004

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps