Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-7467 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
| CVE-2013-7371 | 2 Debian, Sencha | 2 Debian Linux, Connect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
node-connect before 2.8.2 has cross-site scripting in the Sencha Labs Connect middleware (vulnerability due to an incomplete fix for CVE-2013-7370).
| CVE-2013-7370 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Openshift and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
| CVE-2013-7351 | 1 Shaarli Project | 1 Shaarli | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks.
| CVE-2013-7071 | 1 Fibranet | 1 Monitorix | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
| CVE-2013-7062 | 1 Plone | 1 Plone | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method.
| CVE-2013-7054 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
D-Link DIR-100 4.03B07: cli.cgi XSS
| CVE-2013-6880 | 1 Elvedia | 1 Flashcanvas | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Open redirect in proxy.php in FlashCanvas before 1.6 allows remote attackers to redirect users to arbitrary web sites and conduct cross-site scripting (XSS) attacks via the HTTP Referer header.
| CVE-2013-6878 | 1 Miwisoft | 1 Mijosearch | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Mijosoft MijoSearch component 2.0.4 and earlier for Joomla! allows remote attackers to inject arbitrary web script or HTML via the query parameter to component/mijosearch/search.
| CVE-2013-6495 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
JBossWeb Bayeux has reflected XSS
| CVE-2013-6451 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values.
| CVE-2013-6430 | 1 Pivotal Software | 1 Spring Framework | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.
| CVE-2013-6364 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
| CVE-2013-6242 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions.
| CVE-2013-6239 | 1 Exis-ti | 1 Exis Contexis | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the photo gallery model in Exis Contexis before 2.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter in a detail action.
| CVE-2013-6022 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code.
| CVE-2013-5988 | 1 Semperplugins | 1 All In One Seo Pack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter.
| CVE-2013-5978 | 1 Cart66 | 1 Cart66 Lite Plugin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.
| CVE-2013-5658 | 1 Aultware | 1 Pwstore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
AultWare pwStore 2010.8.30.0 has XSS
| CVE-2013-5638 | 1 Transcend-info | 2 Wifisd, Wifisd Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Transcend WiFiSD 1.8 has persistent XSS
| CVE-2013-5637 | 1 Pqigroup | 2 Air Card, Air Card Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
PQI AirCard has persistent XSS
| CVE-2013-5212 | 1 Easyxdm | 1 Easyxdm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or HTML via the easyxdm.swf file.
| CVE-2013-4968 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management."
| CVE-2013-4891 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag.
| CVE-2013-4791 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.
| CVE-2013-4770 | 1 Eucalyptus | 1 Eucalyptus Management Console | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| CVE-2013-4752 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks.
| CVE-2013-4718 | 1 Otrs | 2 Otrs, Otrs Itsm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.
| CVE-2013-4693 | 1 Xorbin | 1 Digital Flash Clock | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
WordPress Xorbin Digital Flash Clock 1.0 has XSS
| CVE-2013-4692 | 1 Xorbin | 1 Analog Flash Clock | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Xorbin Analog Flash Clock 1.0 extension for Joomla has XSS
| CVE-2013-4691 | 1 Sencha | 1 Connect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Sencha Labs Connect has XSS with connect.methodOverride()
| CVE-2013-4664 | 1 Spbas | 1 Business Automation Software | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
SPBAS Business Automation Software 2012 has XSS.
| CVE-2013-4395 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Simple Machines Forum (SMF) through 2.0.5 has XSS
| CVE-2013-4303 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.
| CVE-2013-4275 | 1 Zen Project | 1 Zen | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the breadcrumb separator field.
| CVE-2013-4241 | 1 Hitmyserver | 1 Hms Testimonials | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) date_format parameter to the Settings - Default form (hms-testimonials-settings page); (6) name parameter in a Save action to the Settings - Custom Fields form (hms-testimonials-settings-fields page); ...
| CVE-2013-4225 | 1 Restful Web Services Project | 1 Restful Web Services | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field.
| CVE-2013-4170 | 1 Emberjs | 1 Ember.js | 2024-11-21 | 2.6 LOW | 6.1 MEDIUM |
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that assign or bind user-p ...
| CVE-2013-4168 | 3 Debian, Fedoraproject, Smokeping | 3 Debian Linux, Fedora, Smokeping | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields.
| CVE-2013-4158 | 3 Debian, Fedoraproject, Smokeping | 3 Debian Linux, Fedora, Smokeping | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790)