Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-2618 | 1 Network-weathermap | 1 .network Weathermap | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter. | |||||
| CVE-2013-4117 | 2 Anshul Sharma, Wordpress | 2 Category-grid-view-gallery, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | |||||
| CVE-2013-1780 | 2 Devsaran, Drupal | 2 Best Responsive, Drupal | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. | |||||
| CVE-2013-4140 | 2 Drupal, Drupalisme | 2 Drupal, Tinybox | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the TinyBox (Simple Splash) module before 7.x-2.2 for Drupal allows remote authenticated users with the "administer tinybox" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-2651 | 1 Boltwire | 1 Boltwire | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) "p" or (2) content parameter to index.php. | |||||
| CVE-2013-2955 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, related to a stored XSS issue. | |||||
| CVE-2013-2957 | 1 Ibm | 1 Infosphere Optim Data Growth For Oracle E-business Suite | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, and 9.x before 9.1.0.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2013-2967 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4174 | 2 Drupal, Ows | 2 Drupal, Scald | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module. | |||||
| CVE-2013-0502 | 1 Ibm | 1 Infosphere Information Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. | |||||
| CVE-2013-0503 | 1 Ibm | 1 Lotus Connections | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-0506 | 1 Ibm | 2 Sterling Multi-channel Fulfillment Solution, Sterling Selling And Fulfillment Foundation | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-0533 | 1 Ibm | 1 Lotus Sametime | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Sametime Links server in IBM Sametime 8.0.2 through 8.5.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4229 | 2 Drupal, Monster Menus Module Project | 2 Drupal, Monster Menus | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Monster Menus module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated users with permissions to add pages to inject arbitrary web script or HTML via a title in the page settings. | |||||
| CVE-2013-0525 | 1 Ibm | 1 Lotus Inotes | 2017-08-29 | 1.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes 8.5.x allow local users to inject arbitrary web script or HTML via a shared mail file, aka SPR DKEN8PDNTX. | |||||
| CVE-2013-4249 | 1 Djangoproject | 1 Django | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField. | |||||
| CVE-2013-3262 | 2 Mikejolley, Wordpress | 2 Download Monitor, Wordpress | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p parameter. | |||||
| CVE-2013-2969 | 1 Ibm | 1 Sterling Control Center | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Sterling Control Center (SCC) 5.2 before 5.2.0.9, 5.3 before 5.3.0.4, and 5.4 through 5.4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving invalid characters. | |||||
| CVE-2013-2129 | 2 Drupal, Nathan Haug | 2 Drupal, Webform | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x before 6.x-3.19 for Drupal allows remote authenticated users with the "edit own webform content" or "edit all webform content" permissions to inject arbitrary web script or HTML via a component label. | |||||
| CVE-2013-4305 | 1 Mediawiki | 1 Mediawiki | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2013-4307 | 1 Mediawiki | 1 Mediawiki | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow (1) remote attackers to inject arbitrary web script or HTML via a label in the "In other languages" section or (2) remote administrators to inject arbitrary web script or HTML via a description. | |||||
| CVE-2013-4308 | 2 Liquidthreads Project, Mediawiki | 2 Liquidthreads, Mediawiki | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allows remote attackers to inject arbitrary web script or HTML via a thread subject. | |||||
| CVE-2013-0535 | 1 Ibm | 2 Classic Meeting Server, Lotus Sametime | 2017-08-29 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-2652 | 1 Andrew Simpson | 1 Webcollab | 2017-08-29 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in help/help_language.php in WebCollab 3.30 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the item parameter. | |||||
| CVE-2013-2670 | 1 Brother | 2 Mfc-9970cdw, Mfc-9970cdw Firmware | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671. | |||||
| CVE-2013-3025 | 1 Ibm | 1 Rational Focal Point | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational Focal Point 6.5.x and 6.6.x before 6.6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4384 | 2 Drupal, Google Site Search Project | 2 Drupal, Google Site Search Module | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API. | |||||
| CVE-2013-2036 | 2 Drupal, Yoran Brault | 2 Drupal, Filebrowser | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Filebrowser module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "lists of files." | |||||
| CVE-2013-1972 | 2 Alexey Sukhotin, Drupal | 2 Elfinder, Drupal | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors. | |||||
| CVE-2013-1971 | 2 Drupal, Jordan De Laune | 2 Drupal, Mp3 Player | 2017-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the MP3 Player module for Drupal 6.x allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the file name of a MP3 file. | |||||
| CVE-2013-1636 | 3 Blair Williams, Civicrm, Joobi | 3 Pretty Link Lite, Civicrm, Com Jnews | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 through 4.2.9 and 4.3.0 through 4.3.3, allows remote attackers to inject arbitrary web script or HTML via the get-data parameter. | |||||
| CVE-2013-4433 | 1 Php | 1 Xhprof | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the run parameter. | |||||
| CVE-2013-1967 | 2 Mediaelementjs, Owncloud | 2 Mediaelement.js, Owncloud | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||||
| CVE-2013-4447 | 1 Md-systems | 1 Simplenews | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the API in the Simplenews module 6.x-1.x before 6.x-1.5 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via an email address. | |||||
| CVE-2013-4453 | 1 Ldap-account-manager | 1 Ldap Account Manager | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in templates/login.php in LDAP Account Manager (LAM) 4.3 and 4.2.1 allows remote attackers to inject arbitrary web script or HTML via the language parameter. | |||||
| CVE-2013-1905 | 2 Catalin Florian Radut, Drupal | 2 Zeropoint, Drupal | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Zero Point theme 7.x-1.x before 7.x-1.9 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-3422 | 1 Cisco | 1 Secure Access Control System | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Administration pages in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75165. | |||||
| CVE-2013-3423 | 1 Cisco | 1 Secure Access Control System | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified field, aka Bug ID CSCud75174. | |||||
| CVE-2013-1890 | 1 Owncloud | 1 Owncloud | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified parameters to unknown files in apps/contacts/ajax/. | |||||
| CVE-2013-4499 | 1 Bean Project | 1 Bean | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the bean title. | |||||
| CVE-2013-1879 | 1 Apache | 1 Activemq | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a message." | |||||
| CVE-2013-1885 | 1 Redhat | 2 Certificate System, Dogtag Certificate System | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the token processing system (pki-tps) in Red Hat Certificate System (RHCS) 8.1 and possibly Dogtag Certificate System 9 and 10 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) tus/ or (2) tus/tus/. | |||||
| CVE-2013-4519 | 1 Reviewboard | 1 Review Board | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file. | |||||
| CVE-2013-0538 | 1 Ibm | 1 Lotus Notes | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element in an HTML e-mail message, aka SPRs JMOY95BLM6 and JMOY95BN49. | |||||
| CVE-2013-0542 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via crafted field values. | |||||
| CVE-2013-3421 | 1 Cisco | 1 Secure Access Control System | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Help index page in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud75170. | |||||
| CVE-2013-0201 | 1 Owncloud | 1 Owncloud | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php. | |||||
| CVE-2013-0473 | 1 Ibm | 2 Rational Policy Tester, Security Appscan | 2017-08-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to inject arbitrary web script or HTML via a crafted report. | |||||
| CVE-2013-0461 | 1 Ibm | 1 Websphere Application Server | 2017-08-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-0453 | 1 Ibm | 1 Tivoli Endpoint Manager | 2017-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli Endpoint Manager (TEM) before 8.2.1372 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||