CVEs from 2013
Total
5,688
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-6962 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the mobile-browser subsystem in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSC… | |||
| CVE-2013-6961 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Collaboration Partner Access Console (CPAC) in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted … | |||
| CVE-2013-6960 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meeting Center allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul36248. | |||
| CVE-2013-6711 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka … | |||
| CVE-2013-5438 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web server in IBM Flex System Manager (FSM) 1.1.0 through 1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4845 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4001 | medium | — | 4.3 | 13y ago | Session fixation vulnerability in IBM Cognos Command Center before 10.2 allows remote attackers to hijack web sessions via an authorization cookie. | |||
| CVE-2013-4520 | medium | — | 4.3 | 13y ago | xslt.c in libxslt before 1.1.25 allows context-dependent attackers to cause a denial of service (crash) via a stylesheet that embeds a DTD, which causes a structure to be accessed as a different type… | |||
| CVE-2013-6051 | medium | — | 4.3 | 13y ago | The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BG… | |||
| CVE-2013-6359 | medium | — | 4.3 | 13y ago | Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name. | |||
| CVE-2013-6957 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web serve… | |||
| CVE-2013-4569 | medium | — | 4.3 | 13y ago | The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attacker… | |||
| CVE-2013-4568 | medium | — | 4.3 | 13y ago | Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) atta… | |||
| CVE-2013-4567 | medium | — | 4.3 | 13y ago | Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) atta… | |||
| CVE-2013-6005 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button. | |||
| CVE-2013-6672 | medium | — | 4.3 | 13y ago | Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow user-assisted remote attackers to read clipboard data by leveraging certain middle-click paste operations. | |||
| CVE-2013-5614 | medium | — | 4.3 | 13y ago | Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly consider the sandbox attribute of an IFRAME element during processing of a contained OBJECT element, which allows remote attacker… | |||
| CVE-2013-5612 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 26.0 and SeaMonkey before 2.23 makes it easier for remote attackers to inject arbitrary web script or HTML by leveraging a Same Orig… | |||
| CVE-2013-5072 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script … | |||
| CVE-2013-5057 | medium | — | 4.3 | 13y ago | hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted COM com… | |||
| CVE-2013-5054 | medium | — | 4.3 | 13y ago | Microsoft Office 2013 and 2013 RT allows remote attackers to discover authentication tokens via a crafted response to a file-open request for an Office file on a web site, as exploited in the wild in… | |||
| CVE-2013-5042 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR 1.1.x before 1.1.4 and 2.0.x before 2.0.1, and Visual Studio Team Foundation Server 2013, allows remote attackers to inject arbit… | |||
| CVE-2013-3710 | medium | — | 4.3 | 13y ago | SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate a new secret key when the service starts, which allows remote attackers to defeat intended cryptographic protection mechanisms b… | |||
| CVE-2013-6224 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a name in the call administrator feature, (2) uns… | |||
| CVE-2013-6039 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 SP2 allow remote attackers to inject arbitrary web script or HTML via the txtSearch parameter to (1) admin/hostdependencies.php, (2… | |||
| CVE-2013-7001 | medium | — | 4.3 | 13y ago | The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway before 2013.11.15 allows remote attackers to cause a denial of service via a malformed MM1 message that is routed to a (1) MM4 o… | |||
| CVE-2013-7000 | medium | — | 4.3 | 13y ago | The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway 2013.09.26 allows remote attackers to cause a denial of service via a malformed message to a MM4 connection. | |||
| CVE-2013-6397 | medium | — | 4.3 | 13y ago | Improper Limitation of a Pathname to a Restricted Directory in Apache Solr | |||
| CVE-2013-6050 | medium | — | 4.3 | 13y ago | Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables. | |||
| CVE-2013-4171 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RS… | |||
| CVE-2013-6707 | medium | — | 4.3 | 13y ago | Memory leak in the connection-manager implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1(.3) and earlier allows remote attackers to cause a denial of service (multi-protocol manag… | |||
| CVE-2013-6636 | medium | — | 4.3 | 13y ago | The FrameLoader::notifyIfInitialDocumentAccessed function in core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 31.0.1650.63, makes an incorrect check for an empty document during … | |||
| CVE-2013-6804 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results… | |||
| CVE-2013-6395 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web 3.5.8 and 3.5.10 allows remote attackers to inject arbitrary web script or HTML via the host_regex parameter to the default URI, … | |||
| CVE-2013-6267 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the (1) box parameter to messaging/messagebox.php, cid… | |||
| CVE-2013-5108 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the log… | |||
| CVE-2013-6916 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitr… | |||
| CVE-2013-6910 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6909 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6908 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6907 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6906 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML … | |||
| CVE-2013-6905 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in a phone component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML … | |||
| CVE-2013-6904 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in a note component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2013-6903 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in a schedule component in Cybozu Garoon before 3.7.0, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2013-6902 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6901 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vect… | |||
| CVE-2013-6900 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-2825 | medium | — | 4.3 | 13y ago | The DNP3 service in the Outstation component on Elecsys Director Gateway devices with kernel 2.6.32.11ael1 and earlier allows remote attackers to cause a denial of service (CPU consumption and commun… | |||
| CVE-2013-6702 | medium | — | 4.3 | 13y ago | The management implementation on Cisco ONS 15454 controller cards with software 9.8 and earlier allows remote attackers to cause a denial of service (card reset) via crafted packets, aka Bug ID CSCtz… | |||
| CVE-2013-5449 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM Eclipse Help System (IEHS), as used in the installable InfoCenter component in IBM FileNet Content Manager 4.5.1, 5.0.0, 5.1.0, and 5… | |||
| CVE-2013-6690 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unsp… | |||
| CVE-2013-6416 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the simple_format helper in actionpack/lib/action_view/helpers/text_helper.rb in Ruby on Rails 4.x before 4.0.2 allows remote attackers to inject arbitrary… | |||
| CVE-2013-4491 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allo… | |||
| CVE-2013-4492 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationDa… | |||
| CVE-2013-6415 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the number_to_currency helper in actionpack/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.16 and 4.x before 4.0.2 allows remote atta… | |||
| CVE-2013-3707 | medium | — | 4.3 | 13y ago | The HTTPSTK service in the novell-nrm package before 2.0.2-297.305.302.3 in Novell Open Enterprise Server 2 (OES 2) Linux, and OES 11 Linux Gold and SP1, does not make the intended SSL_free and SSL_s… | |||
| CVE-2013-6791 | medium | — | 4.3 | 13y ago | Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection… | |||
| CVE-2013-5463 | medium | — | 4.3 | 13y ago | The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 allows remote attackers to bypass intended access restrictions by injecting a (1) DLL or (2) configuration file. | |||
| CVE-2013-3394 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web interface in Cisco Prime Network Registrar 8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted field, aka … | |||
| CVE-2013-6870 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4573 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject ar… | |||
| CVE-2013-0860 | medium | — | 4.3 | 13y ago | The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers t… | |||
| CVE-2013-6858 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" … | |||
| CVE-2013-4264 | medium | — | 4.3 | 13y ago | The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file. | |||
| CVE-2013-4589 | medium | — | 4.3 | 13y ago | The ExportAlphaQuantumType function in export.c in GraphicsMagick before 1.3.18 might allow remote attackers to cause a denial of service (crash) via vectors related to exporting the alpha of an 8-bi… | |||
| CVE-2013-4545 | medium | — | 4.3 | 13y ago | cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_… | |||
| CVE-2013-0281 | medium | — | 4.3 | 13y ago | Pacemaker 1.1.10, when remote Cluster Information Base (CIB) configuration or resource management is enabled, does not limit the duration of connections to the blocking sockets, which allows remote a… | |||
| CVE-2013-6342 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin before 4.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tb_tab_index parameter to wp-adm… | |||
| CVE-2013-6698 | medium | — | 4.3 | 13y ago | The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unsp… | |||
| CVE-2013-6694 | medium | — | 4.3 | 13y ago | The IPSec implementation in Cisco IOS allows remote attackers to cause a denial of service (MTU change and tunnel-session drop) via crafted ICMP packets, aka Bug ID CSCul29918. | |||
| CVE-2013-3288 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability on the EMC RSA Data Protection Manager (DPM) appliance 3.2.x before 3.2.4.2 and 3.5.x before 3.5.1 allows remote attackers to inject arbitrary web script or H… | |||
| CVE-2013-6175 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise… | |||
| CVE-2013-5996 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafte… | |||
| CVE-2013-5992 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or … | |||
| CVE-2013-5991 | medium | — | 4.3 | 13y ago | The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log … | |||
| CVE-2013-6819 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Performance Provider in SAP NetWeaver allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6816 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) JavaDumpService and (2) DataCollector servlets in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via unspec… | |||
| CVE-2013-6074 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev25 and 7.4.x before 7.4.0-rev14 allows remote attackers to inject arbitrary web script or HTML via an atta… | |||
| CVE-2013-5966 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-5215 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web interface "WiFi scan" option in FOSCAM Wireless IP Cameras allows remote attackers to inject arbitrary web script or HTML via the SSID. | |||
| CVE-2013-4507 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in CollectiveAccess Providence and Pawtucket before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4519 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field … | |||
| CVE-2013-0741 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in imagegen.ashx in Percipient Studios ImageGen before 2.9.0 for Umbraco CMS allows remote attackers to inject arbitrary web script or HTML via the font param… | |||
| CVE-2013-5417 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web scri… | |||
| CVE-2013-4006 | medium | — | 4.3 | 13y ago | IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.5.1 uses weak permissions for unspecified files, which allows local users to obtain sensitive information via standard filesystem… | |||
| CVE-2013-5454 | medium | — | 4.3 | 13y ago | IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF25, and 8.0 through 8.0.0.1 CF08 allows remote attackers to read arbitrary file… | |||
| CVE-2013-4842 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-1418 | medium | — | 4.3 | 13y ago | The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a deni… | |||
| CVE-2013-4556 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script … | |||
| CVE-2013-4204 | medium | — | 4.3 | 13y ago | Improper Neutralization of Input During Web Page Generation in Google Web Toolkit | |||
| CVE-2013-2031 | medium | — | 4.3 | 13y ago | MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in … | |||
| CVE-2013-6168 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php. | |||
| CVE-2013-6163 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to vie… | |||
| CVE-2013-6780 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDoma… | |||
| CVE-2013-6628 | medium | — | 4.3 | 13y ago | net/socket/ssl_client_socket_nss.cc in the TLS implementation in Google Chrome before 31.0.1650.48 does not ensure that a server's X.509 certificate is the same during renegotiation as it was before … | |||
| CVE-2013-6626 | medium | — | 4.3 | 13y ago | The WebContentsImpl::AttachInterstitialPage function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 31.0.1650.48 does not cancel JavaScript dialogs upon generating an in… | |||
| CVE-2013-6623 | medium | — | 4.3 | 13y ago | The SVG implementation in Blink, as used in Google Chrome before 31.0.1650.48, allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging the use of tree order, rather th… | |||
| CVE-2013-5442 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Local Management Interface (LMI) in IBM Security Network Protection on XGS 5100 devices with firmware 5.1 before 5.1.0.6 and 5.1.1 before 5.1.1.1 allow… | |||
| CVE-2013-3909 | medium | — | 4.3 | 13y ago | Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different (1) domain or (2) zone via crafted characters in Cascading Style Sheets (CSS) token sequences, aka "In… |