CVEs from 2013
Total
5,688
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1407 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web s… | |||
| CVE-2013-6454 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribu… | |||
| CVE-2013-6452 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an… | |||
| CVE-2013-5749 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project par… | |||
| CVE-2013-4574 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web s… | |||
| CVE-2013-6220 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-5916 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for Wordpress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or … | |||
| CVE-2013-7041 | medium | — | 4.3 | 12y ago | The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack. | |||
| CVE-2013-7003 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) fi… | |||
| CVE-2013-3736 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in Request Tracker (RT) 4.0.0 before 4.0.13 allows remote attackers to inject arbitrary web … | |||
| CVE-2013-7110 | medium | — | 4.3 | 12y ago | Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary cer… | |||
| CVE-2013-2073 | medium | — | 4.3 | 12y ago | Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. | |||
| CVE-2013-7234 | medium | — | 4.3 | 12y ago | Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header. | |||
| CVE-2013-7066 | medium | — | 4.3 | 12y ago | The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node. | |||
| CVE-2013-4722 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote a… | |||
| CVE-2013-2025 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-5956 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or… | |||
| CVE-2013-6738 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an inv… | |||
| CVE-2013-2187 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to… | |||
| CVE-2013-1421 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Categ… | |||
| CVE-2013-4795 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Submitters list in Review Board 1.6.x before 1.6.18 and 1.7.x before 1.7.12 allows remote attackers to inject arbitrary web script or HTML via a user f… | |||
| CVE-2013-7365 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||
| CVE-2013-1946 | medium | — | 4.3 | 12y ago | The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows … | |||
| CVE-2013-3484 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/logi… | |||
| CVE-2013-1770 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter. | |||
| CVE-2013-1869 | medium | — | 4.3 | 12y ago | CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting a… | |||
| CVE-2013-2695 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter. | |||
| CVE-2013-0734 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Mingle Forum plugin before 1.0.34 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) search_words param… | |||
| CVE-2013-7343 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding… | |||
| CVE-2013-7342 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback para… | |||
| CVE-2013-7341 | medium | — | 4.3 | 12y ago | Moodle cross-site scripting (XSS) vulnerabilities | |||
| CVE-2013-7340 | medium | — | 4.3 | 12y ago | VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file. | |||
| CVE-2013-0805 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the search feature in iTop (aka IT Operations Portal) 2.0, 1.2.1, 1.2, and earlier allow remote attackers to inject arbitrary web script or HTML… | |||
| CVE-2013-5955 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in manage.php in the PBBooking (com_pbbooking) component 2.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the an arbitrary p… | |||
| CVE-2013-5953 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in tmpl/layout_editevent.php in the Multi Calendar (com_multicalendar) component 4.0.2, and possibly 4.8.5 and earlier, for Joomla! allow remote at… | |||
| CVE-2013-5952 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Freichat (com_freichat) component, possibly 9.4 and earlier, for Joomla! allow remote attackers to inject arbitrary web script or HTML via t… | |||
| CVE-2013-0201 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/… | |||
| CVE-2013-4059 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Information Server 8.x through 8.5 FP3, 8.7.x through 8.7 FP2, and 9.1.x through 9.1.2.0 allow remote attackers to inject arbitra… | |||
| CVE-2013-0298 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar appli… | |||
| CVE-2013-2671 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val p… | |||
| CVE-2013-2670 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary paramet… | |||
| CVE-2013-2507 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to… | |||
| CVE-2013-1759 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Responsive Logo Slideshow plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the "URL and Image" field. | |||
| CVE-2013-1758 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to wp-admin/options… | |||
| CVE-2013-6209 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service via unknown vectors. | |||
| CVE-2013-7335 | medium | — | 4.3 | 12y ago | DotNetNuke (DNN) Open redirect vulnerability | |||
| CVE-2013-4649 | medium | — | 4.3 | 12y ago | DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter | |||
| CVE-2013-4433 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the run parameter. | |||
| CVE-2013-4194 | medium | — | 4.3 | 12y ago | The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the … | |||
| CVE-2013-4190 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers… | |||
| CVE-2013-4188 | medium | — | 4.3 | 12y ago | traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource cons… | |||
| CVE-2013-6037 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in index.php in Aker Secure Mail Gateway 2.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg_id parameter. | |||
| CVE-2013-6944 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the user interface in the AAA TM vServer in Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and 10.1 b… | |||
| CVE-2013-2270 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the administration page in Airvana HubBub C1-600-RT and Sprint AIRAVE 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified ve… | |||
| CVE-2013-1890 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax… | |||
| CVE-2013-6315 | medium | — | 4.3 | 12y ago | IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 do not properly restrict use of FRAME elements, which makes it easier for remote… | |||
| CVE-2013-6318 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and A… | |||
| CVE-2013-6730 | medium | — | 4.3 | 12y ago | IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x before 7.0.0.2 CF27, and 8.0.0.x before 8.0.0.1 CF10, when the wcm.path.traversal.security setting is enabled,… | |||
| CVE-2013-3487 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the security log in the BulletProof Security plugin before .49 for WordPress allow remote attackers to inject arbitrary web script or HTML via u… | |||
| CVE-2013-4054 | medium | — | 4.3 | 12y ago | Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ 7.5 before 7.5.0.3 allows remote attackers to read arbitrary files via a crafted URI. | |||
| CVE-2013-4590 | medium | — | 4.3 | 12y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat | |||
| CVE-2013-4322 | medium | — | 4.3 | 12y ago | Apache Tomcat Denial of Service vulnerability | |||
| CVE-2013-6047 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the site creation interface in ikiwiki-hosting before 0.20131025 allow remote attackers to inject arbitrary web script or HTML via unspecified v… | |||
| CVE-2013-6732 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 … | |||
| CVE-2013-1070 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the op parameter to nodes/. | |||
| CVE-2013-7326 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplat… | |||
| CVE-2013-7032 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name of an u… | |||
| CVE-2013-4499 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the bean title. | |||
| CVE-2013-4415 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variab… | |||
| CVE-2013-2585 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.p… | |||
| CVE-2013-3933 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joomshopping) component before 4.3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the user_name par… | |||
| CVE-2013-1413 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote … | |||
| CVE-2013-5013 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2013-2038 | medium | — | 4.3 | 13y ago | The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpret… | |||
| CVE-2013-7321 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6478 | medium | — | 4.3 | 13y ago | gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (applic… | |||
| CVE-2013-5983 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in GuppY before 4.6.28 allow remote attackers to inject arbitrary web script or HTML via the (1) "an" parameter to agenda.php or (2) cat parameter … | |||
| CVE-2013-4449 | medium | — | 4.3 | 13y ago | The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a s… | |||
| CVE-2013-1880 | medium | — | 4.3 | 13y ago | Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet | |||
| CVE-2013-1967 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to i… | |||
| CVE-2013-1470 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2013-7182 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter. | |||
| CVE-2013-7181 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter. | |||
| CVE-2013-0234 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_user… | |||
| CVE-2013-6491 | medium | — | 4.3 | 13y ago | The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive i… | |||
| CVE-2013-6235 | medium | — | 4.3 | 13y ago | Improper Neutralization of Input During Web Page Generation in JAMon | |||
| CVE-2013-7303 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote… | |||
| CVE-2013-3090 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 router allow remote attackers to inject arbitrary web script or HTML via the Guest Access PSK field to wireless_guest2_print.stm or … | |||
| CVE-2013-3087 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 router allow remote attackers to inject arbitrary web script or HTML via the (1) ssid2 parameter to wl_channel.html or (2) guest_psk… | |||
| CVE-2013-3084 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5D8236-4 v2 router allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-7318 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||
| CVE-2013-5005 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_tar… | |||
| CVE-2013-7143 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule. | |||
| CVE-2013-7142 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions. | |||
| CVE-2013-7141 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%"… | |||
| CVE-2013-6853 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitr… | |||
| CVE-2013-6434 | medium | — | 4.3 | 13y ago | The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which… | |||
| CVE-2013-1885 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote atta… | |||
| CVE-2013-7317 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) a… | |||
| CVE-2013-7305 | medium | — | 4.3 | 13y ago | fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail accoun… |