CVEs from 2013
Total
5,688
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3908 | medium | — | 4.3 | 13y ago | Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that … | |||
| CVE-2013-5565 | medium | — | 4.3 | 13y ago | The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176. | |||
| CVE-2013-4716 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. | |||
| CVE-2013-5563 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp in Cisco Security Monitoring, Analysis and Response System (CS-MARS) allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2013-5387 | medium | — | 4.3 | 13y ago | Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows remote attackers to cause a denial of service (process crash or hang) via a malformed SOAP request with a large amount of request d… | |||
| CVE-2013-4714 | medium | — | 4.3 | 13y ago | Tiki Wiki CMS Groupware Cross-site scripting (XSS) vulnerability | |||
| CVE-2013-3286 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum eRoom before 7.4.4 P11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2013-3281 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7… | |||
| CVE-2013-4135 | medium | — | 4.3 | 13y ago | The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt option, only enables integrity protection and sends data in cleartext, which allows remote attackers to obtain sensitive informa… | |||
| CVE-2013-4134 | medium | — | 4.3 | 13y ago | OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 uses weak encryption (DES) for Kerberos keys, which makes it easier for remote attackers to obtain the service key. | |||
| CVE-2013-5695 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to… | |||
| CVE-2013-4453 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter. | |||
| CVE-2013-3263 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress allow remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2013-5670 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php in the htmlarea SpellChecker module, as used in Serendipity before 1.7.3 and possibly other products, allows remote attackers to … | |||
| CVE-2013-6340 | medium | — | 4.3 | 13y ago | epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly determine the amount of remaining data, which allows remote attackers to … | |||
| CVE-2013-6339 | medium | — | 4.3 | 13y ago | The dissect_openwire_type function in epan/dissectors/packet-openwire.c in the OpenWire dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial o… | |||
| CVE-2013-6338 | medium | — | 4.3 | 13y ago | The dissect_sip_common function in epan/dissectors/packet-sip.c in the SIP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 does not properly initialize a data structure, which all… | |||
| CVE-2013-6337 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||
| CVE-2013-6336 | medium | — | 4.3 | 13y ago | The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c in the IEEE 802.15.4 dissector in Wireshark 1.8.x before 1.8.11 and 1.10.x before 1.10.3 uses an incorrect pointer chain, which … | |||
| CVE-2013-6348 | medium | — | 4.3 | 13y ago | Apache Struts is vulnerable to Cross-site Scripting | |||
| CVE-2013-6111 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.x, 1.0.22.7, 1.1.x, 1.24.1, 1.3.25.1 through 1.3.25.4, 1.4.26.1 through 1.4.26.4, 1.5.27.1 through 1.5.27.3, and 1.6.29.1 throug… | |||
| CVE-2013-6344 | medium | — | 4.3 | 13y ago | The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors. | |||
| CVE-2013-2652 | medium | — | 4.3 | 13y ago | CRLF injection vulnerability in help/help_language.php in WebCollab 3.30 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the item … | |||
| CVE-2013-4447 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2013-5555 | medium | — | 4.3 | 13y ago | Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to cause a denial of service (service restart) via a crafted SIP message, aka Bug ID CSCub54349. | |||
| CVE-2013-5548 | medium | — | 4.3 | 13y ago | The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is used, allows remote attackers to bypass certain IPsec anti-replay features via IPsec tunnel traffic, aka Bug ID CSCuj47795. | |||
| CVE-2013-5595 | medium | — | 4.3 | 13y ago | The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before 24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10, and SeaMonkey before 2.22 doe… | |||
| CVE-2013-5593 | medium | — | 4.3 | 13y ago | The SELECT element implementation in Mozilla Firefox before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1, and SeaMonkey before 2.22 does not properly restrict the nature or placement o… | |||
| CVE-2013-5968 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (do… | |||
| CVE-2013-6289 | medium | — | 4.3 | 13y ago | Apache Solr for TYPO3 (solr) extension is vulnerable to Cross-site scripting (XSS) | |||
| CVE-2013-5744 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter. | |||
| CVE-2013-3704 | medium | — | 4.3 | 13y ago | The RPM GPG key import and handling feature in libzypp 12.15.0 and earlier reports a different key fingerprint than the one used to sign a repository when multiple key blobs are used, which might all… | |||
| CVE-2013-6019 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component. | |||
| CVE-2013-4122 | medium | — | 4.3 | 13y ago | Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers… | |||
| CVE-2013-1445 | medium | — | 4.3 | 13y ago | The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for c… | |||
| CVE-2013-6281 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php in the Spreadsheet (dhtmlxSpreadsheet) plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2013-6280 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plugin before 2.1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-5190 | medium | — | 4.3 | 13y ago | Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by in… | |||
| CVE-2013-5185 | medium | — | 4.3 | 13y ago | The ldapsearch command-line program in OpenLDAP in Apple Mac OS X before 10.9 does not properly process the minssf configuration setting, which allows remote attackers to obtain sensitive information… | |||
| CVE-2013-5181 | medium | — | 4.3 | 13y ago | The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to ob… | |||
| CVE-2013-5180 | medium | — | 4.3 | 13y ago | The srandomdev function in Libc in Apple Mac OS X before 10.9, when the kernel random-number generator is unavailable, produces predictable values instead of the intended random values, which makes i… | |||
| CVE-2013-5136 | medium | — | 4.3 | 13y ago | Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote a… | |||
| CVE-2013-2651 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) "p" or (2) content parameter to index.php. | |||
| CVE-2013-5389 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SP… | |||
| CVE-2013-5388 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SP… | |||
| CVE-2013-5702 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||
| CVE-2013-5372 | medium | — | 4.3 | 13y ago | The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.7, and 8.0 before 8.0.0.4 and IBM Integration Bus 9.0 before 9.0.0.1 allows remote attackers to cause a denial o… | |||
| CVE-2013-6170 | medium | — | 4.3 | 13y ago | Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before 11.1R5, 11.2 before 11.2R2, and 11.4 before 11.4R1, when in a Next-Generation Multicast VPN (NGEN MVPN) environment, allows remote a… | |||
| CVE-2013-6169 | medium | — | 4.3 | 13y ago | The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack. | |||
| CVE-2013-6015 | medium | — | 4.3 | 13y ago | Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before 12.1R3, 12.1X44 before 12.1X44-D20, and 12.1X45 before 12.1X45-D15 on SRX Series services gateways, when a plugin using TCP proxy is … | |||
| CVE-2013-5376 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors,… | |||
| CVE-2013-3025 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-5863 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in Oracle Solaris 11.1 allows remote attackers to affect integrity via vectors related to IPS repository daemon. | |||
| CVE-2013-5861 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in Oracle Solaris 11.1 allows remote attackers to affect availability via vectors related to Kernel/KSSL. | |||
| CVE-2013-5849 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentia… | |||
| CVE-2013-5845 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect integrity via unknown vectors related to Learner Administration. | |||
| CVE-2013-5839 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Oracle Java Web Console. | |||
| CVE-2013-5828 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.… | |||
| CVE-2013-5827 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.… | |||
| CVE-2013-5800 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality via vectors related to JGSS. | |||
| CVE-2013-5799 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.2 allows remote attackers to affect integrity via unknown vectors related to Security. | |||
| CVE-2013-5798 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0.0 and 11.1.2.1.0 allows remote attackers to affect integrity via unknown vectors related to End… | |||
| CVE-2013-5796 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Web Services. | |||
| CVE-2013-5790 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentia… | |||
| CVE-2013-5784 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect integrity via vectors related to SCRIPT… | |||
| CVE-2013-5780 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40… | |||
| CVE-2013-5773 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5.0 allows remote attackers to affect integrity via unknown vectors related to Servlet Runtime. | |||
| CVE-2013-5766 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.… | |||
| CVE-2013-3837 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote attackers to affect availability via unknown vectors related to Cacao. | |||
| CVE-2013-3833 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 and 11.1.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Authe… | |||
| CVE-2013-3762 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.… | |||
| CVE-2013-4833 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4389 | medium | — | 4.3 | 13y ago | Multiple format string vulnerabilities in log_subscriber.rb files in the log subscriber component in Action Mailer in Ruby on Rails 3.x before 3.2.15 allow remote attackers to cause a denial of servi… | |||
| CVE-2013-5913 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the getRecommSearch function in recommlist.php in OXID eShop before 4.6.7, Professional and Community Edition 4.7.x before 4.7.8, and Enterprise Edition 5.… | |||
| CVE-2013-5510 | medium | — | 4.3 | 13y ago | The remote-access VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 7.x before 7.2(5.12), 8.x before 8.2(5.46), 8.3.x before 8.3(2.39), 8.4.x before 8.4(6), 8.6.x before 8.6(1.12… | |||
| CVE-2013-4167 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4305 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject a… | |||
| CVE-2013-5524 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unsp… | |||
| CVE-2013-5523 | medium | — | 4.3 | 13y ago | The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attack… | |||
| CVE-2013-3409 | medium | — | 4.3 | 13y ago | The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak … | |||
| CVE-2013-0579 | medium | — | 4.3 | 13y ago | The Optim E-Business Console in IBM Data Growth Solution for Oracle E-business Suite 6.0 through 9.1 allows remote attackers to impersonate arbitrary users by leveraging access to a legitimate user's… | |||
| CVE-2013-1881 | medium | — | 4.3 | 13y ago | GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML Ext… | |||
| CVE-2013-4332 | medium | — | 4.3 | 13y ago | Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large v… | |||
| CVE-2013-4384 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by c… | |||
| CVE-2013-2099 | medium | — | 4.3 | 13y ago | Algorithmic complexity vulnerability in the ssl.match_hostname function in Python 3.2.x, 3.3.x, and earlier, and unspecified versions of python-backports-ssl_match_hostname as used for older Python v… | |||
| CVE-2013-6044 | medium | — | 4.3 | 13y ago | The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce … | |||
| CVE-2013-5915 | medium | — | 4.3 | 13y ago | The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA pr… | |||
| CVE-2013-4828 | medium | — | 4.3 | 13y ago | HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not … | |||
| CVE-2013-4711 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on Linux and Solaris allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6010 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title." | |||
| CVE-2013-6009 | medium | — | 4.3 | 13y ago | CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting … | |||
| CVE-2013-5519 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a… | |||
| CVE-2013-4066 | medium | — | 4.3 | 13y ago | IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and 9.1 allows remote attackers to conduct clickjacking attacks by creating an overlay interface on top of the Web Console interface. | |||
| CVE-2013-2916 | medium | — | 4.3 | 13y ago | Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to spoof the address bar via vectors involving a response with a 204 (aka No Content) status code, in conjunction with a d… | |||
| CVE-2013-2915 | medium | — | 4.3 | 13y ago | Google Chrome before 30.0.1599.66 preserves pending NavigationEntry objects in certain invalid circumstances, which allows remote attackers to spoof the address bar via a URL with a malformed scheme,… | |||
| CVE-2013-5976 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web… | |||
| CVE-2013-5975 | medium | — | 4.3 | 13y ago | The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2013-5580 | medium | — | 4.3 | 13y ago | The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in conn.c in ngIRCd 18 through 20.2, when the configuration option NoticeAuth is enabled, does not properly handle the return code fo… | |||
| CVE-2013-3964 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||
| CVE-2013-3962 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera mode… |