CVEs from 2013
Total
5,688
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-4415 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the (1) whereCriteria variab… | |||
| CVE-2013-2585 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.p… | |||
| CVE-2013-3933 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joomshopping) component before 4.3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the user_name par… | |||
| CVE-2013-1413 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote … | |||
| CVE-2013-5013 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2013-2038 | medium | — | 4.3 | 13y ago | The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpret… | |||
| CVE-2013-7321 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6478 | medium | — | 4.3 | 13y ago | gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (applic… | |||
| CVE-2013-5983 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in GuppY before 4.6.28 allow remote attackers to inject arbitrary web script or HTML via the (1) "an" parameter to agenda.php or (2) cat parameter … | |||
| CVE-2013-4449 | medium | — | 4.3 | 13y ago | The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a s… | |||
| CVE-2013-1880 | medium | — | 4.3 | 13y ago | Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet | |||
| CVE-2013-1967 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to i… | |||
| CVE-2013-1470 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in calendar/index.php in the Calendar plugin in Geeklog before 1.8.2sr1 and 2.0.0 before 2.0.0rc2 allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2013-7182 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in firewall/schedule/recurrdlg in Fortinet FortiOS 5.0.5 allows remote attackers to inject arbitrary web script or HTML via the mkey parameter. | |||
| CVE-2013-7181 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in user/ldap_user/add in Fortinet FortiOS 5.0.3 allows remote attackers to inject arbitrary web script or HTML via the filter parameter. | |||
| CVE-2013-0234 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_user… | |||
| CVE-2013-6491 | medium | — | 4.3 | 13y ago | The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive i… | |||
| CVE-2013-6235 | medium | — | 4.3 | 13y ago | Improper Neutralization of Input During Web Page Generation in JAMon | |||
| CVE-2013-7303 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote… | |||
| CVE-2013-3090 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 router allow remote attackers to inject arbitrary web script or HTML via the Guest Access PSK field to wireless_guest2_print.stm or … | |||
| CVE-2013-3087 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 router allow remote attackers to inject arbitrary web script or HTML via the (1) ssid2 parameter to wl_channel.html or (2) guest_psk… | |||
| CVE-2013-3084 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5D8236-4 v2 router allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-7318 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||
| CVE-2013-5005 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in ajaxRequest/methodCall.do in Tripwire Enterprise 8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) m_tar… | |||
| CVE-2013-7143 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 allows remote attackers to inject arbitrary web script or HTML via the title in a mail filter rule. | |||
| CVE-2013-7142 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions. | |||
| CVE-2013-7141 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%"… | |||
| CVE-2013-6853 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitr… | |||
| CVE-2013-6434 | medium | — | 4.3 | 13y ago | The remote-viewer in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which… | |||
| CVE-2013-1885 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote atta… | |||
| CVE-2013-7317 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) a… | |||
| CVE-2013-7305 | medium | — | 4.3 | 13y ago | fpw.php in e107 through 1.0.4 does not check the user_ban field, which makes it easier for remote attackers to reset passwords by sending a pwsubmit request and leveraging access to the e-mail accoun… | |||
| CVE-2013-7304 | medium | — | 4.3 | 13y ago | Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does not configure X.509 certificate validation for client devices, which allows man-in-the-middle attackers to spoof SSL servers by p… | |||
| CVE-2013-6746 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in FileNet P8 Platform Documentation Installable Info Center 4.5.1 through 5.2.0 in IBM FileNet Business Process Manager 4.5.1 through 5.1.0, FileNet Content … | |||
| CVE-2013-6305 | medium | — | 4.3 | 13y ago | IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build 229073 uses the same credentials encryption key across different customers' installations, which makes it easier for context-dep… | |||
| CVE-2013-4030 | medium | — | 4.3 | 13y ago | Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X and Flex System servers supports SSL cipher suites with short keys, which makes it easier for remote attackers to defeat cryptog… | |||
| CVE-2013-1438 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo fil… | |||
| CVE-2013-4231 | medium | — | 4.3 | 13y ago | Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to… | |||
| CVE-2013-7243 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1.2 and 3.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) post-menu field to edit.php or (2) Displ… | |||
| CVE-2013-6325 | medium | — | 4.3 | 13y ago | IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote attackers to cause a denial of service (resource consumption) via a crafted request … | |||
| CVE-2013-6786 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "… | |||
| CVE-2013-6142 | medium | — | 4.3 | 13y ago | DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA 2010 R2 through 2010 R3.1 and SCADA Expert ClearSCADA 2013 R1 through 2013 R1.2 allows remote attackers to cause a denial of service… | |||
| CVE-2013-5886 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors related to Common Appli… | |||
| CVE-2013-5901 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote attackers to affect confidentiality via unknown vectors related to I… | |||
| CVE-2013-5900 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1 allows remote attackers to affect integrity via unknown vecto… | |||
| CVE-2013-4517 | medium | — | 4.3 | 13y ago | Improper Input Validation in Apache Santuario XML Security | |||
| CVE-2013-7289 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_… | |||
| CVE-2013-7288 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script … | |||
| CVE-2013-6974 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, … | |||
| CVE-2013-4353 | medium | — | 4.3 | 13y ago | The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next P… | |||
| CVE-2013-6997 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CS… | |||
| CVE-2013-6982 | medium | — | 4.3 | 13y ago | The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote… | |||
| CVE-2013-7279 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2013-7277 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to… | |||
| CVE-2013-7276 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url… | |||
| CVE-2013-7275 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie li… | |||
| CVE-2013-7258 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "displaying group DN and ent… | |||
| CVE-2013-7257 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote attackers to inject arbitrary web script or HTML via the Project Name field. | |||
| CVE-2013-7254 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6993 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the key parameter in a delete actio… | |||
| CVE-2013-6991 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to w… | |||
| CVE-2013-7241 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2013-5219 | low | — | 4.3 | 13y ago | Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/pass… | |||
| CVE-2013-5210 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-5037 | low | — | 4.3 | 13y ago | The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages. | |||
| CVE-2013-6198 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecifi… | |||
| CVE-2013-5583 | medium | — | 4.3 | 13y ago | Joomla! Cross-site Scripting vulnerability | |||
| CVE-2013-6808 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php. | |||
| CVE-2013-1096 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script… | |||
| CVE-2013-2179 | medium | — | 4.3 | 13y ago | X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a … | |||
| CVE-2013-6388 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS. | |||
| CVE-2013-7049 | medium | — | 4.3 | 13y ago | Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as used in ZNC for Windows (znc-msvc) 0.206 and earlier, allows remote attackers to cause a denial of service (crash) via a long st… | |||
| CVE-2013-4424 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6449 | medium | — | 4.3 | 13y ago | The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (… | |||
| CVE-2013-4414 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field… | |||
| CVE-2013-6328 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.… | |||
| CVE-2013-6316 | medium | — | 4.3 | 13y ago | IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before 8.0.0.1 CF09 does not properly handle content-selection changes during Taxonomy component rendering, which allows remote attackers … | |||
| CVE-2013-5421 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web s… | |||
| CVE-2013-5413 | medium | — | 4.3 | 13y ago | IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not invalidate a session upon a logout action, which allows remote attackers to bypass authentication by leveraging an unattended work… | |||
| CVE-2013-5411 | medium | — | 4.3 | 13y ago | IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote attackers to inject links and trigger unintended navigation or actions via unspecified vectors. | |||
| CVE-2013-4063 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via active content in an … | |||
| CVE-2013-4045 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to inject arbi… | |||
| CVE-2013-7191 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI for a ticket. | |||
| CVE-2013-7082 | medium | — | 4.3 | 13y ago | TYPO3 Flow Cross-site scripting (XSS) vulnerability | |||
| CVE-2013-7077 | medium | — | 4.3 | 13y ago | TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module | |||
| CVE-2013-7076 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 4.5.x before 4.5.32 and 4.7.x before 4.7.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vecto… | |||
| CVE-2013-7002 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in mobile/php/translation/index.php in LiveZilla before 5.1.1.0 allows remote attackers to inject arbitrary web script or HTML via the g_language parameter. | |||
| CVE-2013-7188 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in KBKP Software HostBill before 2013-12-14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6178 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-5462 | medium | — | 4.3 | 13y ago | IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM Content Navigator 2.0.0, 2.0.1 before 2.0.1.2-ICN-FP002, and 2.0.2 before 2.0.2.1-ICN-FP001 allows remote attackers to conduct click… | |||
| CVE-2013-5422 | medium | — | 4.3 | 13y ago | The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, 8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2, when a multi-database dataset exists, allows remote attackers to read database name… | |||
| CVE-2013-6837 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a c… | |||
| CVE-2013-6836 | medium | — | 4.3 | 13y ago | Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a cr… | |||
| CVE-2013-7129 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf. | |||
| CVE-2013-6733 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML vi… | |||
| CVE-2013-6327 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM Sterling Connect:Enterprise 1.3 before 1.3.0.2 iFix 1 and 1.4 before 1.4.0.0 iFix 1 allows remote attackers to inject arbitrary web … | |||
| CVE-2013-6191 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in HP Operations Orchestration before 9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6973 | medium | — | 4.3 | 13y ago | Cisco WebEx Training Center allows remote attackers to discover registration IDs via a crafted URL, aka Bug ID CSCul57121. | |||
| CVE-2013-6969 | medium | — | 4.3 | 13y ago | The training-registration page in Cisco WebEx Training Center allows remote attackers to modify unspecified fields via unknown vectors, aka Bug ID CSCul35990. | |||
| CVE-2013-6963 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the registration component in Cisco WebEx Training Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCu… |