CVEs from 2013
Total
5,688
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-4014 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2013-3041 | medium | — | 4.3 | 13y ago | The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 before 8.0.0.8, and 8.0.1 before 8.0.1.1 allows remote attackers to obtain sensitive information from the client-server data stream … | |||
| CVE-2013-4623 | medium | — | 4.3 | 13y ago | The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 and 1.2.x before 1.2.8 does not properly parse certificate messages during the SSL/TLS handshake, which allows remote attackers to … | |||
| CVE-2013-4378 | medium | — | 4.3 | 13y ago | Improper Neutralization of Input During Web Page Generation in JavaMelody | |||
| CVE-2013-4154 | medium | — | 4.3 | 13y ago | The qemuAgentCommand function in libvirt before 1.1.1, when a guest agent is not configured, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors rela… | |||
| CVE-2013-4372 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrar… | |||
| CVE-2013-5505 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,… | |||
| CVE-2013-5504 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Mobile Device Management (MDM) portal in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an uns… | |||
| CVE-2013-4276 | medium | — | 4.3 | 13y ago | Multiple stack-based buffer overflows in LittleCMS (aka lcms or liblcms) 1.19 and earlier allow remote attackers to cause a denial of service (crash) via a crafted (1) ICC color profile to the icctra… | |||
| CVE-2013-5943 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Graphite before 0.9.11 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-4626 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php. | |||
| CVE-2013-5938 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form. | |||
| CVE-2013-5586 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/. | |||
| CVE-2013-5936 | medium | — | 4.3 | 13y ago | The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 allows remote attackers to obtain sensitive information about (1) runtime activity, (2) networ… | |||
| CVE-2013-5935 | medium | — | 4.3 | 13y ago | The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 does not properly restrict the set of network interfaces that can receive API calls, which mak… | |||
| CVE-2013-5634 | medium | — | 4.3 | 13y ago | arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or poss… | |||
| CVE-2013-4024 | medium | — | 4.3 | 13y ago | IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager 5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2, and DB2 Recovery Expert 2.x support HTTP access to the Web… | |||
| CVE-2013-5911 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||
| CVE-2013-3616 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the KnowledgeView Editorial and Management application allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||
| CVE-2013-3589 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the login page in the Administrative Web Interface on Dell iDRAC6 monolithic devices with firmware before 1.96 and iDRAC7 devices with firmware before 1.46… | |||
| CVE-2013-4363 | medium | — | 4.3 | 13y ago | Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1… | |||
| CVE-2013-5930 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos parameter. | |||
| CVE-2013-5918 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in the Platinum SEO plugin before 1.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parame… | |||
| CVE-2013-4814 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View Advanced Edition Suite Software 7.x before 7.5.0-02 allows remote attackers to inject arbitrary web script or HTML via unspecified… | |||
| CVE-2013-4815 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via unspecifie… | |||
| CVE-2013-4052 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.… | |||
| CVE-2013-0596 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47 allows remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2013-5501 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the oraservice page in Cisco MediaSense allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuj23328. | |||
| CVE-2013-5500 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin service page in Cisco MediaSense allow remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bu… | |||
| CVE-2013-5497 | medium | — | 4.3 | 13y ago | The authentication manager process in the web framework in Cisco Intrusion Prevention System (IPS) does not properly handle user tokens, which allows remote attackers to cause a denial of service (in… | |||
| CVE-2013-5159 | medium | — | 4.3 | 13y ago | WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAM… | |||
| CVE-2013-5156 | medium | — | 4.3 | 13y ago | The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a cr… | |||
| CVE-2013-5154 | medium | — | 4.3 | 13y ago | The Sandbox subsystem in Apple iOS before 7 determines the sandboxing requirement for a #! application on the basis of the script interpreter instead of the script, which allows attackers to bypass i… | |||
| CVE-2013-5152 | medium | — | 4.3 | 13y ago | Mobile Safari in Apple iOS before 7 allows remote attackers to spoof the URL bar via a crafted web site. | |||
| CVE-2013-5151 | medium | — | 4.3 | 13y ago | Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attac… | |||
| CVE-2013-5149 | medium | — | 4.3 | 13y ago | The Push Notifications subsystem in Apple iOS before 7 provides the push-notification token to an app without user approval, which allows attackers to obtain sensitive information via an app that emp… | |||
| CVE-2013-5131 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2013-5129 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-dr… | |||
| CVE-2013-1034 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in Apple Mac OS X Server before 2.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6459 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. | |||
| CVE-2013-1728 | medium | — | 4.3 | 13y ago | The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21, when Valgrind mode is used, does not properly initialize memory, which makes it eas… | |||
| CVE-2013-1723 | medium | — | 4.3 | 13y ago | The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 processes key messages after destruction by a dispatched event listener, which allows remote at… | |||
| CVE-2013-2788 | medium | — | 4.3 | 13y ago | The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 and 2.8.0106 allows remote attackers to cause a denial of service (unhandled exception and process crash) via unspecified vectors. | |||
| CVE-2013-5711 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php in the Design Approval System plugin before 3.7 for WordPress allows remote attackers to inject arbitrary web script or H… | |||
| CVE-2013-4766 | medium | — | 4.3 | 13y ago | Eucalyptus Unauthorized Access to CC/NC Log Files | |||
| CVE-2013-4202 | medium | — | 4.3 | 13y ago | OpenStack Cinder Denial of Service using XML entities | |||
| CVE-2013-4181 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the addAlert function in the RedirectServlet servlet in oVirt Engine and Red Hat Enterprise Virtualization Manager (RHEV-M), as used in Red Hat Enterprise … | |||
| CVE-2013-4179 | medium | — | 4.3 | 13y ago | The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) vi… | |||
| CVE-2013-1441 | medium | — | 4.3 | 13y ago | econvert in ExactImage 0.8.9 and earlier does not properly initialize the setjmp variable, which allows context-dependent users to cause a denial of service (crash) via a crafted image file. | |||
| CVE-2013-1439 | medium | — | 4.3 | 13y ago | The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file. | |||
| CVE-2013-4047 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2013-5495 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web framework in the Application Server in Cisco Unified MeetingPlace allows remote attackers to inject arbitrary web script or HTML via an unspecified… | |||
| CVE-2013-4704 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in ChamaNet ChamaCargo 7.0000 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-1824 | medium | — | 4.3 | 13y ago | The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an … | |||
| CVE-2013-5722 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||
| CVE-2013-5721 | medium | — | 4.3 | 13y ago | The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not properly determine when to enter a certain loop, which… | |||
| CVE-2013-5719 | medium | — | 4.3 | 13y ago | epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 allows remote attackers to cause a denial of service (infinite loop) via a crafted … | |||
| CVE-2013-5718 | medium | — | 4.3 | 13y ago | The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.8.x before 1.8.10 and 1.10.x before 1.10.2 does not restrict the dch_id value, which allows re… | |||
| CVE-2013-5717 | medium | — | 4.3 | 13y ago | The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does not properly maintain a certain free list, which allows remote attackers to cause a denial of service (application crash) via a … | |||
| CVE-2013-5649 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3… | |||
| CVE-2013-5482 | medium | — | 4.3 | 13y ago | Cisco Prime LAN Management Solution (LMS) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks v… | |||
| CVE-2013-4705 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding. | |||
| CVE-2013-4308 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.… | |||
| CVE-2013-4307 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow … | |||
| CVE-2013-5738 | medium | — | 4.3 | 13y ago | The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it eas… | |||
| CVE-2013-3180 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST … | |||
| CVE-2013-3159 | medium | — | 4.3 | 13y ago | Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an ex… | |||
| CVE-2013-3137 | medium | — | 4.3 | 13y ago | Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which allows remote attackers to obtain sensitive information via crafted XML data in a FrontPage document, aka "XML Disclosure Vulnerabilit… | |||
| CVE-2013-4298 | medium | — | 4.3 | 13y ago | The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF i… | |||
| CVE-2013-4703 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-5714 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject… | |||
| CVE-2013-4899 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the gallery/ page. | |||
| CVE-2013-2992 | medium | — | 4.3 | 13y ago | The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in certain search-term association configurations, allows remote attackers to cause a denial of service via a crafted query. | |||
| CVE-2013-4287 | medium | — | 4.3 | 13y ago | Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.1, 1.8.24 through 1.8.25, 2.0.x before 2.0.8, and 2.1.x before 2.1.0, as use… | |||
| CVE-2013-5483 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco SocialMiner allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuh73868. | |||
| CVE-2013-5707 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allow remote attackers to inject arbitrary web script or HTML via crafted input containing a %22… | |||
| CVE-2013-5706 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to error messa… | |||
| CVE-2013-3604 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.6 allow remote attackers to inject arbitrary web script or HTML via crafted input. | |||
| CVE-2013-3603 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Coursemill Learning Management System (LMS) 6.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. | |||
| CVE-2013-1228 | medium | — | 4.3 | 13y ago | Cisco Jabber on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify the client-server data stream via a crafted certifica… | |||
| CVE-2013-3106 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev18, 6.22.0 before rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0… | |||
| CVE-2013-2583 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite and Server before 6.20.7 rev16, 6.22.0 before rev15, 6.22.1 before rev17, 7.0.1 before rev6, and 7.0.2 before rev7 allow r… | |||
| CVE-2013-1661 | medium | — | 4.3 | 13y ago | VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled ex… | |||
| CVE-2013-5664 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary w… | |||
| CVE-2013-5663 | medium | — | 4.3 | 13y ago | The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, 4.1.x before 4.1.11, and 5.0.x before 5.0.2 allows remote attackers to bypass intended security policies via crafted requests that… | |||
| CVE-2013-3463 | medium | — | 4.3 | 13y ago | The protocol-inspection feature on Cisco Adaptive Security Appliances (ASA) devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service (connectio… | |||
| CVE-2013-5645 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in … | |||
| CVE-2013-5588 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) th… | |||
| CVE-2013-3471 | medium | — | 4.3 | 13y ago | The captive portal application in Cisco Identity Services Engine (ISE) allows remote attackers to discover cleartext usernames and passwords by leveraging unspecified use of hidden form fields in an … | |||
| CVE-2013-5018 | medium | — | 4.3 | 13y ago | The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentati… | |||
| CVE-2013-4272 | medium | — | 4.3 | 13y ago | The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms… | |||
| CVE-2013-2197 | medium | — | 4.3 | 13y ago | The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a… | |||
| CVE-2013-2076 | medium | — | 4.3 | 13y ago | Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only save/restore the FOP, FIP, and FDP x87 registers in FXSAVE/FXRSTOR when an exception is pending, which allows one domain to determi… | |||
| CVE-2013-3584 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Corporater EPM Suite allows remote attackers to inject arbitrary web script or HTML via the customerId parameter to an unspecified component. | |||
| CVE-2013-0595 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka… | |||
| CVE-2013-0566 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Accelerator JSPs, (2) Organization Administration Console JSPs, and (3) Administration Console JSPs in WebSphere Commerce Tools in IBM W… | |||
| CVE-2013-3374 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive informat… | |||
| CVE-2013-3372 | medium | — | 4.3 | 13y ago | Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks vi… | |||
| CVE-2013-3371 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an att… | |||
| CVE-2013-5570 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |