CVEs from 2013
Total
5,688
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-1555 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition. | |||
| CVE-2013-1544 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data M… | |||
| CVE-2013-1543 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Open UI … | |||
| CVE-2013-1536 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.05 and 6.2 allows remote authenticated users to affect confidentiality via unknow… | |||
| CVE-2013-1532 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Inform… | |||
| CVE-2013-1527 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect confidentiality via unknown… | |||
| CVE-2013-1526 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. | |||
| CVE-2013-1525 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Industry Applications 13.0, 13.1, and 13.2 allows remote authenticated users to affect confidentiality via unknown v… | |||
| CVE-2013-1516 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Capture component in Oracle Fusion Middleware 10.1.3.5.1 allows remote authenticated users to affect availability via unknown vectors related to Impo… | |||
| CVE-2013-1514 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote authenticated users to affect integrity via vectors related to RMI Support. | |||
| CVE-2013-1512 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. | |||
| CVE-2013-0416 | medium | — | 4.0 | 13y ago | Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vecto… | |||
| CVE-2013-0470 | medium | — | 4.0 | 13y ago | HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by list… | |||
| CVE-2013-1901 | medium | — | 4.0 | 13y ago | PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) … | |||
| CVE-2013-2761 | medium | — | 4.0 | 13y ago | The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZill… | |||
| CVE-2013-0454 | medium | — | 4.0 | 13y ago | The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the IBM Storwize V7000 Unified 1.3 before 1.3.2.3 and 1.4 before 1.4.0.1 and possibly other products, does not properly enforce CIFS sh… | |||
| CVE-2013-1834 | medium | — | 4.0 | 13y ago | Moodle allows remote authenticated users to reassign notes | |||
| CVE-2013-1832 | medium | — | 4.0 | 13y ago | Moodle includes the WebDAV password in the configuration form | |||
| CVE-2013-1829 | medium | — | 4.0 | 13y ago | calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not consider capability requirements before displaying calendar subscriptions, which allows remote authenticated users to obtain pot… | |||
| CVE-2013-0679 | medium | — | 4.0 | 13y ago | Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files v… | |||
| CVE-2013-0678 | medium | — | 4.0 | 13y ago | Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated… | |||
| CVE-2013-0676 | medium | — | 4.0 | 13y ago | Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote auth… | |||
| CVE-2013-0671 | medium | — | 4.0 | 13y ago | Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL. | |||
| CVE-2013-0669 | medium | — | 4.0 | 13y ago | The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request. | |||
| CVE-2013-0715 | medium | — | 4.0 | 13y ago | The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows remote authenticated users to cause a denial of service (CLI session crash) via a crafted command string. | |||
| CVE-2013-2275 | medium | — | 4.0 | 13y ago | The default configuration for puppet masters 0.25.0 and later in Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and Puppet Enterprise before 1.2.7 and 2.7.x before 2.7.2, allows r… | |||
| CVE-2013-0331 | medium | — | 4.0 | 13y ago | Jenkins Vulnerable to Denial of Service (DoS) via Crafted Payload | |||
| CVE-2013-0330 | medium | — | 4.0 | 13y ago | Jenkins allows Remote Users to Build Arbitrary Jobs | |||
| CVE-2013-0168 | medium | — | 4.0 | 13y ago | The MoveDisk command in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier does not properly check permissions on storage domains, which allows remote authenticated storage admins to … | |||
| CVE-2013-1774 | medium | — | 4.0 | 13y ago | The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /de… | |||
| CVE-2013-1772 | medium | — | 4.0 | 13y ago | The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (… | |||
| CVE-2013-1139 | medium | — | 4.0 | 13y ago | The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 through 9.3.2, does not properly check privileges, which allows remote authenticated users to obtain sensitive information via a cra… | |||
| CVE-2013-0212 | medium | — | 4.0 | 14y ago | OpenStack Glance logs user name and password in cleartext | |||
| CVE-2013-0467 | medium | — | 4.0 | 14y ago | IBM Eclipse Help System (IEHS), as used in IBM Data Studio 3.1 and 3.1.1 and other products, allows remote authenticated users to read source code via a crafted URL. | |||
| CVE-2013-2506 | medium | — | 4.0 | 14y ago | spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles | |||
| CVE-2013-0776 | medium | — | 4.0 | 14y ago | Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the ad… | |||
| CVE-2013-1624 | medium | — | 4.0 | 14y ago | Improper Input Validation in Bouncy Castle | |||
| CVE-2013-1619 | medium | — | 4.0 | 14y ago | The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the pr… | |||
| CVE-2013-1618 | medium | — | 4.0 | 14y ago | The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attack… | |||
| CVE-2013-1107 | medium | — | 4.0 | 14y ago | The search function in Cisco Webex Social (formerly Cisco Quad) allows remote authenticated users to read files via unspecified parameters, aka Bug ID CSCud40235. | |||
| CVE-2013-0443 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 an… | |||
| CVE-2013-1450 | medium | — | 4.0 | 14y ago | Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy se… | |||
| CVE-2013-1110 | medium | — | 4.0 | 14y ago | Cisco WebEx Training Center allow remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu8106… | |||
| CVE-2013-1108 | medium | — | 4.0 | 14y ago | Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064. | |||
| CVE-2013-0395 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Secu… | |||
| CVE-2013-0371 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM. | |||
| CVE-2013-0368 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | |||
| CVE-2013-0367 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition. | |||
| CVE-2013-0365 | medium | — | 4.0 | 14y ago | Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | |||
| CVE-2013-5218 | low | — | 3.9 | 13y ago | Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not… | |||
| CVE-2013-6219 | low | — | 3.8 | 12y ago | Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors. | |||
| CVE-2013-2140 | low | — | 3.8 | 13y ago | The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data lo… | |||
| CVE-2013-1530 | low | — | 3.8 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2013-5229 | low | — | 3.7 | 11y ago | The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physica… | |||
| CVE-2013-7347 | low | — | 3.7 | 12y ago | Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLI… | |||
| CVE-2013-5710 | low | — | 3.7 | 13y ago | The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs i… | |||
| CVE-2013-2451 | low | — | 3.7 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidenti… | |||
| CVE-2013-0404 | low | — | 3.7 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot. | |||
| CVE-2013-0219 | low | — | 3.7 | 14y ago | System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create, modify, or delete arbitrary files via a … | |||
| CVE-2013-4426 | low | — | 3.6 | 12y ago | pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash. | |||
| CVE-2013-5364 | low | — | 3.6 | 13y ago | Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml… | |||
| CVE-2013-4270 | low | — | 3.6 | 13y ago | The net_ctl_permissions function in net/sysctl_net.c in the Linux kernel before 3.11.5 does not properly determine uid and gid values, which allows local users to bypass intended /proc/sys/net restri… | |||
| CVE-2013-2930 | low | — | 3.6 | 13y ago | The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable fun… | |||
| CVE-2013-5857 | low | — | 3.6 | 13y ago | Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5… | |||
| CVE-2013-5856 | low | — | 3.6 | 13y ago | Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5… | |||
| CVE-2013-4157 | low | — | 3.6 | 13y ago | Red Hat Storage 2.0 allows local users to overwrite arbitrary files via a symlink attack on the (1) e, (2) local-bricks.list, (3) bricks.err, or (4) limits.conf files in /tmp. | |||
| CVE-2013-4956 | low | — | 3.6 | 13y ago | Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if thos… | |||
| CVE-2013-5099 | low | — | 3.6 | 13y ago | Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some … | |||
| CVE-2013-4954 | low | — | 3.6 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" i… | |||
| CVE-2013-1500 | low | — | 3.6 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows loca… | |||
| CVE-2013-2387 | low | — | 3.6 | 13y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality and int… | |||
| CVE-2013-0412 | low | — | 3.6 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax. | |||
| CVE-2013-0914 | low | — | 3.6 | 13y ago | The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to … | |||
| CVE-2013-1766 | low | — | 3.6 | 13y ago | libvirt 1.0.2 and earlier sets the group owner to kvm for device files, which allows local users to write to these files via unspecified vectors. | |||
| CVE-2013-0164 | low | — | 3.6 | 14y ago | The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in Red Hat OpenShift Origin before 1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with a… | |||
| CVE-2013-0254 | low | — | 3.6 | 14y ago | The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before 4.7.6, and other versions including 4.4.0 uses weak permissions (world-readable and world-writable) for shared memory segments, w… | |||
| CVE-2013-0964 | low | — | 3.6 | 14y ago | The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not properly validate copyin and copyout arguments, which allows local users to bypass intended pointer restrictions and access locatio… | |||
| CVE-2013-4278 | low | — | 3.5 | 4y ago | The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot… | |||
| CVE-2013-6892 | low | — | 3.5 | 12y ago | WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit. | |||
| CVE-2013-4754 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet Knowledgebase 1.10 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field to browse.php o… | |||
| CVE-2013-4753 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.11.9 and earlier allow remote authenticated users to inject arbitrary web script or HTML via (1) the Search field in an inbox action… | |||
| CVE-2013-3065 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via ve… | |||
| CVE-2013-3004 | low | — | 3.5 | 12y ago | Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.x and 7.2.x before 7.2.1.5 allows remote authenticated users to read arbitra… | |||
| CVE-2013-6310 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-6741 | low | — | 3.5 | 12y ago | IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Managem… | |||
| CVE-2013-5460 | low | — | 3.5 | 12y ago | IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to bypass intended access restrictions, and r… | |||
| CVE-2013-2998 | low | — | 3.5 | 12y ago | frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive i… | |||
| CVE-2013-6726 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web scrip… | |||
| CVE-2013-6323 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtu… | |||
| CVE-2013-3069 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Pass… | |||
| CVE-2013-3998 | low | — | 3.5 | 12y ago | CRLF injection vulnerability in the Web Application Enterprise Console in IBM InfoSphere BigInsights 1.1 and 2.x before 2.1 FP2 allows remote authenticated users to inject arbitrary HTTP headers and … | |||
| CVE-2013-6729 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in IBM QuickFile 1.0.0.0 before iFix 4 and 1.1.0.1 before iFix 3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2013-2150 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to… | |||
| CVE-2013-2149 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to share… | |||
| CVE-2013-2042 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via … | |||
| CVE-2013-2041 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/… | |||
| CVE-2013-2040 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via … | |||
| CVE-2013-1851 | low | — | 3.5 | 12y ago | Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbit… | |||
| CVE-2013-0307 | low | — | 3.5 | 12y ago | Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field… | |||
| CVE-2013-0297 | low | — | 3.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_… |