Total: 36897 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2013-4664 | 1 Spbas | 1 Business Automation Software | 2024-11-21 | 6.1 Medium |
SPBAS Business Automation Software 2012 has XSS. | ||||
CVE-2013-4395 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 6.1 Medium |
Simple Machines Forum (SMF) through 2.0.5 has XSS. | ||||
CVE-2013-4303 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.1 Medium |
includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php. | ||||
CVE-2013-4275 | 1 Zen Project | 1 Zen | 2024-11-21 | 5.4 Medium |
Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the breadcrumb separator field. | ||||
CVE-2013-4241 | 1 Hitmyserver | 1 Hms Testimonials | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) date_format parameter to the Settings - Default form (hms-testimonials-settings page); (6) name parameter in a Save action to the Settings - Custom Fields form (hms-testimonials-settings-fields page); or (7) name parameter in a Save action to the Settings - Template form (hms-testimonials-templates-new page). | ||||
CVE-2013-4225 | 2 Redhat, Restful Web Services Project | 2 Satellite, Restful Web Services | 2024-11-21 | 8.8 High |
The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. | ||||
CVE-2013-4170 | 1 Emberjs | 1 Ember.js | 2024-11-21 | 6.1 Medium |
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`. | ||||
CVE-2013-4168 | 3 Debian, Fedoraproject, Smokeping | 3 Debian Linux, Fedora, Smokeping | 2024-11-21 | 6.1 Medium |
Cross-site scripting (XSS) vulnerability in SmokePing 2.6.9 in the start and end time fields. | ||||
CVE-2013-4158 | 3 Debian, Fedoraproject, Smokeping | 3 Debian Linux, Fedora, Smokeping | 2024-11-21 | 6.1 Medium |
smokeping before 2.6.9 has XSS (incomplete fix for CVE-2012-0790) | ||||
CVE-2013-4109 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 6.1 Medium |
An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165. | ||||
CVE-2013-4107 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 6.1 Medium |
In Cryptocat before 2.0.22, handlePresence() in cryptocat.js has a cross-site scripting (XSS) vulnerability. | ||||
CVE-2013-4106 | 1 Cryptocat Project | 1 Cryptocat | 2024-11-21 | 6.1 Medium |
A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat before 2.0.22. | ||||
CVE-2013-3936 | 1 Opsview | 2 Opsview, Opsview Core | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 and Opsview Core before 20130522 allow remote attackers to inject arbitrary web script or HTML. | ||||
CVE-2013-3931 | 1 Jomres | 1 Jomres | 2024-11-21 | 5.4 Medium |
Cross-site scripting (XSS) vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to inject arbitrary web script or HTML via the property_name parameter, related to editing property details. | ||||
CVE-2013-3637 | 1 Projectpier | 1 Projectpier | 2024-11-21 | 5.4 Medium |
ProjectPier 0.8.8 does not use the Secure flag for cookies | ||||
CVE-2013-3636 | 1 Projectpier | 1 Projectpier | 2024-11-21 | 5.4 Medium |
ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because of the lack of the HttpOnly cookie flag | ||||
CVE-2013-3635 | 1 Projectpier | 1 Projectpier | 2024-11-21 | 5.4 Medium |
ProjectPier 0.8.8 has stored XSS | ||||
CVE-2013-3565 | 2 Opensuse, Videolan | 2 Opensuse, Vlc Media Player | 2024-11-21 | 6.1 Medium |
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. | ||||
CVE-2013-3517 | 1 Netgear | 4 Wnr3500l, Wnr3500l Firmware, Wnr3500u and 1 more | 2024-11-21 | 5.4 Medium |
Cross-site scripting (XSS) vulnerability in NETGEAR WNR3500U and WNR3500L. | ||||
CVE-2013-3320 | 1 Netapp | 1 Oncommand System Manager | 2024-11-21 | 6.1 Medium |
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields. |