CVEs from 2013
Total
5,687
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-2287 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or … | |||
| CVE-2013-0807 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2013-2643 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action t… | |||
| CVE-2013-1636 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin before 1.6.3 for WordPress, JNews (com_jnews) compo… | |||
| CVE-2013-2289 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php. | |||
| CVE-2013-6031 | medium | — | 5.3 | 12y ago | The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, … | |||
| CVE-2013-6233 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field in the "Short document metadata." | |||
| CVE-2013-1409 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/… | |||
| CVE-2013-6674 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject ar… | |||
| CVE-2013-6229 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) filter parameter to index.php/mail/mail/li… | |||
| CVE-2013-2639 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS before 3.2.29.0, 3.2.42.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the description in a proje… | |||
| CVE-2013-7319 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field. | |||
| CVE-2013-3639 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmod… | |||
| CVE-2013-1466 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) addre… | |||
| CVE-2013-5092 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||
| CVE-2013-4888 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page. | |||
| CVE-2013-5094 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter. | |||
| CVE-2013-7316 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by READM… | |||
| CVE-2013-7184 | medium | — | 5.3 | 13y ago | Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file. | |||
| CVE-2013-2750 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in e107_plugins/content/handlers/content_preset.php in e107 before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the query string. | |||
| CVE-2013-4884 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded sequences in a server response, which is not properly… | |||
| CVE-2013-6017 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the S… | |||
| CVE-2013-6923 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) full… | |||
| CVE-2013-7280 | medium | — | 5.3 | 13y ago | Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file. | |||
| CVE-2013-5573 | medium | — | 5.3 | 13y ago | Jenkins allows Cross-Site Scripting (XSS) in User Configuration | |||
| CVE-2013-4858 | medium | — | 5.3 | 13y ago | Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav. | |||
| CVE-2013-2504 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2013-6162 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email. | |||
| CVE-2013-6882 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the u… | |||
| CVE-2013-4624 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.js… | |||
| CVE-2013-0221 | medium | — | 5.3 | 13y ago | The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a long string to the sort command, when using the (1… | |||
| CVE-2013-4579 | medium | — | 5.3 | 13y ago | The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a … | |||
| CVE-2013-6042 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the … | |||
| CVE-2013-6794 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the proven… | |||
| CVE-2013-6793 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allow remote attackers to inject arbitrary web script or HTML via the (1) event name or (2) d… | |||
| CVE-2013-3986 | medium | — | 5.3 | 13y ago | IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension crash) via a crafted Audio Visual (AV) session. | |||
| CVE-2013-1743 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HT… | |||
| CVE-2013-1742 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote att… | |||
| CVE-2013-5693 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor. | |||
| CVE-2013-5118 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Good for Enterprise app before 2.2.4.1659 for iOS allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail message. | |||
| CVE-2013-4341 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or H… | |||
| CVE-2013-3179 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka … | |||
| CVE-2013-5716 | medium | — | 5.3 | 13y ago | Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows remote attackers to cause a denial of service (application crash) via a crafted WAV file. | |||
| CVE-2013-1649 | medium | — | 5.3 | 13y ago | Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers t… | |||
| CVE-2013-1646 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allow remote attackers to inject arbitrary web script or H… | |||
| CVE-2013-5314 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[ht… | |||
| CVE-2013-5312 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2)… | |||
| CVE-2013-1942 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other pro… | |||
| CVE-2013-4880 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2013-4759 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML vi… | |||
| CVE-2013-4625 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pack… | |||
| CVE-2013-4620 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter. | |||
| CVE-2013-5020 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) f… | |||
| CVE-2013-5006 | medium | — | 5.3 | 13y ago | main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discove… | |||
| CVE-2013-4951 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) nam… | |||
| CVE-2013-4950 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter. | |||
| CVE-2013-4946 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.… | |||
| CVE-2013-3515 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-… | |||
| CVE-2013-4883 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject… | |||
| CVE-2013-4117 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2013-3166 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of t… | |||
| CVE-2013-1950 | medium | — | 5.3 | 13y ago | The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an i… | |||
| CVE-2013-3299 | medium | — | 5.3 | 13y ago | RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that con… | |||
| CVE-2013-1670 | medium | — | 5.3 | 13y ago | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acqui… | |||
| CVE-2013-3538 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter. | |||
| CVE-2013-3535 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_email, (2) header_title, (3) site_title… | |||
| CVE-2013-3529 | medium | — | 5.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1… | |||
| CVE-2013-3526 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2013-2416 | medium | — | 5.3 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployme… | |||
| CVE-2013-0125 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in fileview.asp in C2 WebResource allows remote attackers to inject arbitrary web script or HTML via the File parameter. | |||
| CVE-2013-2501 | medium | — | 5.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field. | |||
| CVE-2013-1114 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity Express before 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud87527. | |||
| CVE-2013-1464 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in assets/player.swf in the Audio Player plugin before 2.0.4.6 for Wordpress allows remote attackers to inject arbitrary web script or HTML via the playerID p… | |||
| CVE-2013-1463 | medium | — | 5.3 | 14y ago | Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for Wordpress allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2013-1471 | medium | — | 5.3 | 14y ago | Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attacke… | |||
| CVE-2013-0653 | medium | — | 5.3 | 14y ago | Directory traversal vulnerability in substitute.bcl in the WebView CimWeb subsystem in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPL… | |||
| CVE-2013-5757 | medium | — | 5.0 | 12y ago | Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parame… | |||
| CVE-2013-5756 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx. | |||
| CVE-2013-5676 | medium | — | 5.0 | 13y ago | Jenkins SonarQube Plugin Stores Passwords in Cleartext | |||
| CVE-2013-4034 | medium | — | 5.0 | 13y ago | IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, 10.1.1 before IF4, 10.2.0 before IF4, 10.2.1 before IF2, and 10.2.1.1 before IF1 allows remote authenticated users to read arbitr… | |||
| CVE-2013-6025 | medium | — | 5.0 | 13y ago | The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an exter… | |||
| CVE-2013-5528 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal … | |||
| CVE-2013-1727 | medium | — | 5.0 | 13y ago | Mozilla Firefox before 24.0 on Android allows attackers to bypass the Same Origin Policy, and consequently conduct cross-site scripting (XSS) attacks or obtain password or cookie information, by usin… | |||
| CVE-2013-1645 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 allows remote authenticated users to read arbitrary files via a .. (dot dot)… | |||
| CVE-2013-3241 | medium | — | 5.0 | 13y ago | export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users t… | |||
| CVE-2013-1559 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors … | |||
| CVE-2013-1509 | medium | — | 5.0 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vecto… | |||
| CVE-2013-1814 | medium | — | 5.0 | 13y ago | Apache Rave information disclosure vulnerability | |||
| CVE-2013-1469 | medium | — | 5.0 | 13y ago | Directory traversal vulnerability in install.php in Piwigo before 2.4.7 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the dl parameter. | |||
| CVE-2013-1451 | medium | — | 5.0 | 14y ago | Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent… | |||
| CVE-2013-3792 | low | — | 4.8 | 13y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown v… | |||
| CVE-2013-5147 | low | — | 4.7 | 13y ago | Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition invo… | |||
| CVE-2013-1959 | low | — | 4.7 | 13y ago | kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a … | |||
| CVE-2013-3728 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat para… | |||
| CVE-2013-6232 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page. | |||
| CVE-2013-0177 | low | — | 4.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x all… | |||
| CVE-2013-7274 | low | — | 4.5 | 13y ago | Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 allows remote authenticated users to inject arbitrary web script or HTML via the title field in a wallpaper file upload. | |||
| CVE-2013-7194 | low | — | 4.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1… | |||
| CVE-2013-7025 | low | — | 4.5 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before… | |||
| CVE-2013-3617 | low | — | 4.5 | 13y ago | The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote authenticated users to read arbitrary files via an XML document with an external entity declaration in conjunction with an entity refe… |