CVEs from 2013
Total
5,688
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-5953 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote at… | |||
| CVE-2013-5952 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via t… | |||
| CVE-2013-0201 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/… | |||
| CVE-2013-4059 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitra… | |||
| CVE-2013-0298 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar appli… | |||
| CVE-2013-2671 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val p… | |||
| CVE-2013-2670 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary paramet… | |||
| CVE-2013-2507 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to… | |||
| CVE-2013-1759 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Responsive Logo Slideshow plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the "URL and Image" field. | |||
| CVE-2013-1758 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to wp-admin/options… | |||
| CVE-2013-6209 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service via unknown vectors. | |||
| CVE-2013-7335 | medium | — | 4.3 | 12y ago | DotNetNuke (DNN) Open redirect vulnerability | |||
| CVE-2013-4649 | medium | — | 4.3 | 12y ago | DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter | |||
| CVE-2013-4433 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the run parameter. | |||
| CVE-2013-4194 | medium | — | 4.3 | 12y ago | The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the … | |||
| CVE-2013-4190 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers… | |||
| CVE-2013-4188 | medium | — | 4.3 | 12y ago | traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource cons… | |||
| CVE-2013-6037 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter. | |||
| CVE-2013-6944 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 b… | |||
| CVE-2013-2270 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the administration page in Airvana HubBub C1-600-RT and Sprint AIRAVE 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified ve… | |||
| CVE-2013-1890 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax… | |||
| CVE-2013-6315 | medium | — | 4.3 | 12y ago | IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 do not properly restrict use of FRAME elements, which makes it easier for remote… | |||
| CVE-2013-6318 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and A… | |||
| CVE-2013-6730 | medium | — | 4.3 | 12y ago | IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled,… | |||
| CVE-2013-3487 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via u… | |||
| CVE-2013-4054 | medium | — | 4.3 | 12y ago | Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI. | |||
| CVE-2013-4590 | medium | — | 4.3 | 12y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | |||
| CVE-2013-4322 | medium | — | 4.3 | 12y ago | Apache Tomcat Denial of Service vulnerability | |||
| CVE-2013-6047 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the site creation interface in ikiwiki-hosting before 0.20131025 allow remote attackers to inject arbitrary web script or HTML via unspecified v… | |||
| CVE-2013-6732 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 … | |||
| CVE-2013-1070 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/. | |||
| CVE-2013-7326 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplat… | |||
| CVE-2013-7032 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an u… | |||
| CVE-2013-4499 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the bean title. | |||
| CVE-2013-4415 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variab… | |||
| CVE-2013-2585 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.p… | |||
| CVE-2013-3933 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joomshopping) component before 4.3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the user_name par… | |||
| CVE-2013-1413 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote … | |||
| CVE-2013-5013 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2013-2038 | medium | — | 4.3 | 13y ago | The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpret… | |||
| CVE-2013-7321 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6478 | medium | — | 4.3 | 13y ago | gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (applic… | |||
| CVE-2013-5983 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in GuppY before 4.6.28 allow remote attackers to inject arbitrary web script or HTML via the (1) "an" parameter to agenda.php or (2) cat parameter … | |||
| CVE-2013-4449 | medium | — | 4.3 | 13y ago | The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a s… | |||
| CVE-2013-1880 | medium | — | 4.3 | 13y ago | Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet | |||
| CVE-2013-1967 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to i… | |||
| CVE-2013-1470 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2013-7182 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter. | |||
| CVE-2013-7181 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter. | |||
| CVE-2013-0234 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_user… | |||
| CVE-2013-6491 | medium | — | 4.3 | 13y ago | The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive i… | |||
| CVE-2013-6235 | medium | — | 4.3 | 13y ago | Improper Neutralization of Input During Web Page Generation in JAMon | |||
| CVE-2013-7303 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote… | |||
| CVE-2013-3090 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 router allow remote attackers to inject arbitrary web script or HTML via the Guest Access PSK field to wireless_guest2_print.stm or … | |||
| CVE-2013-3087 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 router allow remote attackers to inject arbitrary web script or HTML via the (1) ssid2 parameter to wl_channel.html or (2) guest_psk… | |||
| CVE-2013-3084 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5D8236-4 v2 router allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-7318 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||
| CVE-2013-5005 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_tar… | |||
| CVE-2013-7143 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule. | |||
| CVE-2013-7142 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions. | |||
| CVE-2013-7141 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%"… | |||
| CVE-2013-6853 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitr… | |||
| CVE-2013-6434 | medium | — | 4.3 | 13y ago | The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which… | |||
| CVE-2013-1885 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote atta… | |||
| CVE-2013-7317 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) a… | |||
| CVE-2013-7305 | medium | — | 4.3 | 13y ago | fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail accoun… | |||
| CVE-2013-7304 | medium | — | 4.3 | 13y ago | Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by p… | |||
| CVE-2013-6746 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content … | |||
| CVE-2013-6305 | medium | — | 4.3 | 13y ago | IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dep… | |||
| CVE-2013-4030 | medium | — | 4.3 | 13y ago | Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptog… | |||
| CVE-2013-1438 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo fil… | |||
| CVE-2013-4231 | medium | — | 4.3 | 13y ago | Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to… | |||
| CVE-2013-7243 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Displ… | |||
| CVE-2013-6325 | medium | — | 4.3 | 13y ago | IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request … | |||
| CVE-2013-6786 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "… | |||
| CVE-2013-6142 | medium | — | 4.3 | 13y ago | DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service… | |||
| CVE-2013-5886 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors related to Common Appli… | |||
| CVE-2013-5901 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote attackers to affect confidentiality via unknown vectors related to I… | |||
| CVE-2013-5900 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1 allows remote attackers to affect integrity via unknown vecto… | |||
| CVE-2013-4517 | medium | — | 4.3 | 13y ago | Improper Input Validation in Apache Santuario XML Security | |||
| CVE-2013-7289 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_… | |||
| CVE-2013-7288 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script … | |||
| CVE-2013-6974 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, … | |||
| CVE-2013-4353 | medium | — | 4.3 | 13y ago | The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next P… | |||
| CVE-2013-6997 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CS… | |||
| CVE-2013-6982 | medium | — | 4.3 | 13y ago | The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote… | |||
| CVE-2013-7279 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2013-7277 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to… | |||
| CVE-2013-7276 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url… | |||
| CVE-2013-7275 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie li… | |||
| CVE-2013-7258 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "displaying group DN and ent… | |||
| CVE-2013-7257 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field. | |||
| CVE-2013-7254 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6993 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete actio… | |||
| CVE-2013-6991 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to w… | |||
| CVE-2013-7241 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2013-5219 | low | — | 4.3 | 13y ago | Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/pass… | |||
| CVE-2013-5210 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-5037 | low | — | 4.3 | 13y ago | The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages. | |||
| CVE-2013-6198 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecifi… |