SiteWatch

14 exploits Active since Sep 2011
CVE-2011-5025 EXPLOITDB text WORKING POC
Yaws - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.
CVE-2011-3859 EXPLOITDB text WRITEUP
WordPress Trending <0.2 - XSS
Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-3861 EXPLOITDB text WRITEUP
Web Minimalist 200901 - XSS
Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-3850 EXPLOITDB text WRITEUP
Atahualpa <3.6.8 - XSS
Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3865 EXPLOITDB text WORKING POC
WordPress <1.6 - XSS
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-3856 EXPLOITDB text WORKING POC
WordPress Elegant Grunge <1.0.4 - XSS
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3852 EXPLOITDB text WRITEUP
WordPress EvoLve <1.2.6 - XSS
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3855 EXPLOITDB text WRITEUP
WordPress F8 Lite <4.2.2 - XSS
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
EIP-2026-114332 EXPLOITDB text WRITEUP
WordPress Theme Hybrid 0.9 - 'cpage' Cross-Site Scripting
CVE-2011-3862 EXPLOITDB text WORKING POC
Morning Coffee <3.6 - XSS
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-3858 EXPLOITDB text WRITEUP
Pixiv Custom <2.1.6 - XSS
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3863 EXPLOITDB text WORKING POC
WordPress RedLine <1.66 - XSS
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-5023 EXPLOITDB text WORKING POC
Pligg Cms - XSS
Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986.
CVE-2011-5022 EXPLOITDB text WORKING POC
Pligg Cms - SQL Injection
SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter.