CVEs from 2013
Total
5,684
critical
critical 917
high
high 949
medium
medium 3,166
low
low 557
% Critical
16.1%
% with KEV
0.7%
% with exploit
11.6%
Top vendors
Top products
- chrome 11,665
- ffmpeg 3,379
- seamonkey 2,231
- acrobat_reader 1,911
- acrobat 1,909
- itunes 1,678
- firefox 1,634
- moodle 1,560
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-3534 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-2021 | medium | — | 4.3 | 13y ago | pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file. | |||
| CVE-2013-3254 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the comm… | |||
| CVE-2013-0938 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, Documentum Taskspace before 6.7 SP2, and Documentum Records Manager before 6.7 SP2 all… | |||
| CVE-2013-0518 | medium | — | 4.3 | 13y ago | IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 does not refuse to be rendered in different-origin frames, whic… | |||
| CVE-2013-0688 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to inject arbitrary web script or HTML via un… | |||
| CVE-2013-3498 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Juniper SmartPass WLAN Security Management before 7.7 MR3 and 8.0 before MR2 allows remote attackers to inject arbitrary web script or HTML via unspecified… | |||
| CVE-2013-3501 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the foundation-weba… | |||
| CVE-2013-0933 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework 4.x, allow remote attackers to inject arbitrary web script or HTML via un… | |||
| CVE-2013-3267 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified… | |||
| CVE-2013-3059 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vect… | |||
| CVE-2013-3058 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-0582 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.12, 6.2.1 before 6.2.1.5, and 6.2.2 before 6.2.2.4 and Tivoli Federated Identity Manager Bu… | |||
| CVE-2013-1849 | medium | — | 4.3 | 13y ago | The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through 1.6.20 and 1.7.0 through 1.7.8 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a P… | |||
| CVE-2013-2321 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-3107 | medium | — | 4.3 | 13y ago | VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction w… | |||
| CVE-2013-1160 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the OpenView web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via an unspe… | |||
| CVE-2013-1159 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Netcool Impact (NCI) web menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML … | |||
| CVE-2013-1158 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) help menus in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script … | |||
| CVE-2013-1157 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring (ITM) Java servlet container in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary… | |||
| CVE-2013-0538 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 allows remote attackers to inject arbitrary web script or HTML via a SCRIPT… | |||
| CVE-2013-0141 | medium | — | 4.3 | 13y ago | Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Serve… | |||
| CVE-2013-1227 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, ak… | |||
| CVE-2013-1198 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in a Flash component in Cisco Unified Computing System (UCS) Central allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a… | |||
| CVE-2013-0569 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Communities component in IBM Connections 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-0338 | medium | — | 4.3 | 13y ago | libxml2 2.9.0 and earlier allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via an XML file containing an entity declaration with long replacement text and … | |||
| CVE-2013-0565 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the RPC adapter for the Web 2.0 and Mobile toolkit in IBM WebSphere Application Server (WAS) 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary… | |||
| CVE-2013-0542 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 a… | |||
| CVE-2013-0503 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-1086 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving a… | |||
| CVE-2013-1749 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field. | |||
| CVE-2013-2433 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown… | |||
| CVE-2013-1540 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown… | |||
| CVE-2013-2411 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote attackers to affect integrity via un… | |||
| CVE-2013-2408 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA … | |||
| CVE-2013-2404 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related… | |||
| CVE-2013-2402 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related… | |||
| CVE-2013-2396 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via vectors related to HTML OAM client. | |||
| CVE-2013-2390 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors relate… | |||
| CVE-2013-1550 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via unknown vectors related to Wor… | |||
| CVE-2013-1542 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Servlet Runtime. | |||
| CVE-2013-1529 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Interaction component in Oracle Fusion Middleware 6.5.1 and 10.3.3.0 allows remote attackers to affect integrity via unknown vectors related to Image… | |||
| CVE-2013-1528 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle HRMS component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related… | |||
| CVE-2013-1524 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to At… | |||
| CVE-2013-1522 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Co… | |||
| CVE-2013-1515 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to ADMIN Interface. | |||
| CVE-2013-1513 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA … | |||
| CVE-2013-1508 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to REST Interface. | |||
| CVE-2013-1504 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors relate… | |||
| CVE-2013-1501 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Login. | |||
| CVE-2013-1497 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Oracle COREid Access component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to WebGate - WebServer p… | |||
| CVE-2013-0410 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related … | |||
| CVE-2013-0406 | medium | — | 4.3 | 13y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec. | |||
| CVE-2013-2766 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-1289 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to injec… | |||
| CVE-2013-1789 | medium | — | 4.3 | 13y ago | splash/Splash.cc in poppler before 0.22.1 allows context-dependent attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to the (1) Splash::arbitraryTransfor… | |||
| CVE-2013-0134 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the web interface in AirDroid allows remote attackers to inject arbitrary web script or HTML via a crafted text message that is transmitted by a managed ph… | |||
| CVE-2013-0798 | medium | — | 4.3 | 13y ago | Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons befo… | |||
| CVE-2013-0793 | medium | — | 4.3 | 13y ago | Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey before 2.17 do not ensure the correctness of the address bar … | |||
| CVE-2013-0792 | medium | — | 4.3 | 13y ago | Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when gfx.color_management.enablev4 is used, do not properly handle color profiles during PNG rendering, which allows remote attackers to obtain … | |||
| CVE-2013-1823 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username f… | |||
| CVE-2013-1808 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products,… | |||
| CVE-2013-1799 | medium | — | 4.3 | 13y ago | Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-… | |||
| CVE-2013-0240 | medium | — | 4.3 | 13y ago | Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which all… | |||
| CVE-2013-1171 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the element-list implementation in Cisco Connected Grid Network Management System (CG-NMS) allow remote attackers to inject arbitrary web script… | |||
| CVE-2013-0502 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malfo… | |||
| CVE-2013-2301 | medium | — | 4.3 | 13y ago | The OMRON OpenWnn application before 1.3.6 for Android uses weak permissions for unspecified files, which allows attackers to obtain sensitive information via an application that accesses the local f… | |||
| CVE-2013-0512 | medium | — | 4.3 | 13y ago | Stack-based buffer overflow in the Manual Explore browser plug-in for Firefox in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow… | |||
| CVE-2013-0510 | medium | — | 4.3 | 13y ago | IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a security test that sends session cookies to a specific external server, which allows man-in-the-middle attackers to hijack the test a… | |||
| CVE-2013-0474 | medium | — | 4.3 | 13y ago | The Manual Explore browser plug-in in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allows remote attackers to discover test Platfor… | |||
| CVE-2013-0473 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to injec… | |||
| CVE-2013-2290 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, a… | |||
| CVE-2013-0936 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, Smarts Service Assurance Manager, Smarts Server Manager, Smarts VoIP Availability Manager, Smarts Network Protocol Manager, and Smar… | |||
| CVE-2013-0325 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Varnish module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta2 for Drupal allow remote attackers to inject arbitrary web script or H… | |||
| CVE-2013-0323 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2013-0322 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Views in the Ubercart module 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full name field. | |||
| CVE-2013-0321 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Views in the Ubercart Views (uc_views) module 6.x before 6.x-3.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the full nam… | |||
| CVE-2013-0319 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via v… | |||
| CVE-2013-0317 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web scr… | |||
| CVE-2013-0488 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web Administrator client) in IBM Domino 8.5.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-0486 | medium | — | 4.3 | 13y ago | Memory leak in the HTTP server in IBM Domino 8.5.x allows remote attackers to cause a denial of service (memory consumption and daemon crash) via GET requests, aka SPR KLYH92NKZY. | |||
| CVE-2013-1844 | medium | — | 4.3 | 13y ago | Piwik (now Matomo) Vulnerable to Cross-Site Scripting (XSS) | |||
| CVE-2013-0124 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to inject arbitrary web script or HTML via the (1) Number or (2) UpdatePag… | |||
| CVE-2013-1051 | medium | — | 4.3 | 13y ago | apt 0.8.16, 0.9.7, and possibly other versions does not properly handle InRelease files, which allows man-in-the-middle attackers to modify packages before installation via unknown vectors, possibly … | |||
| CVE-2013-0670 | medium | — | 4.3 | 13y ago | CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cra… | |||
| CVE-2013-0668 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2013-0667 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2013-0506 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 before HF69, 9.1.0 before FP41, and 9.2.0 before FP13 allows remote authenticated user… | |||
| CVE-2013-0328 | medium | — | 4.3 | 13y ago | Jenkins subject to Cross-site Scripting | |||
| CVE-2013-1855 | medium | — | 4.3 | 13y ago | The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2… | |||
| CVE-2013-1857 | medium | — | 4.3 | 13y ago | The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 … | |||
| CVE-2013-2372 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to injec… | |||
| CVE-2013-0970 | medium | — | 4.3 | 13y ago | Messages in Apple Mac OS X before 10.8.3 allows remote attackers to bypass the FaceTime call-confirmation prompt via a crafted FaceTime: URL. | |||
| CVE-2013-0967 | medium | — | 4.3 | 13y ago | CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the list of safe file types, which allows remote attackers to bypass a Java plug-in disabled setting, and trigger the launch of Java W… | |||
| CVE-2013-0275 | medium | — | 4.3 | 13y ago | Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web before 3.5.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2013-0083 | medium | — | 4.3 | 13y ago | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command … | |||
| CVE-2013-0308 | medium | — | 4.3 | 13y ago | The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which al… | |||
| CVE-2013-2493 | medium | — | 4.3 | 13y ago | The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in the Google Chrome Frame plugin before 26.0.1410.28 for Internet Explorer does not properly handle attach tab requests, which allow… | |||
| CVE-2013-0215 | medium | — | 4.3 | 13y ago | oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly consider the state of the Xenstore ring during read operations, which allows guest OS users to cause a denial of service (daemon… | |||
| CVE-2013-1140 | medium | — | 4.3 | 13y ago | The XML parser in Cisco Security Monitoring, Analysis, and Response System (MARS) allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity refe… |