SiteWatch

14 exploits Active since Sep 2011
CVE-2011-5025 EXPLOITDB text WORKING POC
Yaws 1.88 - Cross-Site Scripting via Wiki Application Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the wiki application in Yaws 1.88 allow remote attackers to inject arbitrary web script or HTML via (1) the tag parameter to editTag.yaws, (2) the index parameter to showOldPage.yaws, (3) the node parameter to allRefsToMe.yaws, or (4) the text parameter to editPage.yaws.
CVE-2011-3859 EXPLOITDB text WRITEUP
Trending theme < 0.1 - Cross-Site Scripting via cpage Parameter
Cross-site scripting (XSS) vulnerability in the Trending theme before 0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
CVE-2011-3861 EXPLOITDB text WRITEUP
Web Minimalist 200901 < 1.2 - Cross-Site Scripting via PATH_INFO to index.php
Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 theme before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-3850 EXPLOITDB text WRITEUP
Atahualpa < 3.6.8 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the Atahualpa theme before 3.6.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3865 EXPLOITDB text WORKING POC
Black-LetterHead < 1.6 - Cross-Site Scripting via PATH_INFO to index.php
Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme before 1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-3856 EXPLOITDB text WORKING POC
WordPress Elegant Grunge <1.0.4 - XSS
Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme before 1.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3852 EXPLOITDB text WRITEUP
EvoLve < 1.2.6 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the EvoLve theme before 1.2.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3855 EXPLOITDB text WRITEUP
F8 Lite < 4.2.2 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the F8 Lite theme before 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
EIP-2026-114332 EXPLOITDB text WRITEUP
WordPress Theme Hybrid 0.9 - 'cpage' Cross-Site Scripting
CVE-2011-3862 EXPLOITDB text WORKING POC
Morning Coffee < 3.6 - Cross-Site Scripting via PATH_INFO
Cross-site scripting (XSS) vulnerability in the Morning Coffee theme before 3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
CVE-2011-3858 EXPLOITDB text WRITEUP
zespia/pixiv_custom < 2.1.6 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme before 2.1.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-3863 EXPLOITDB text WORKING POC
RedLine < 1.66 - Cross-Site Scripting via s Parameter
Cross-site scripting (XSS) vulnerability in the RedLine theme before 1.66 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter.
CVE-2011-5023 EXPLOITDB text WORKING POC
Pligg CMS 1.1.4 - Cross-Site Scripting via PATH_INFO to Search Program
Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986.
CVE-2011-5022 EXPLOITDB text WORKING POC
Pligg CMS 1.1.2 - SQL Injection via Status Parameter
SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter.