Total
36824 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-7486 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | |||||
CVE-2013-7485 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions. | |||||
CVE-2013-7482 | 1 Reflex Gallery Project | 1 Reflex Gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The reflex-gallery plugin before 1.4.3 for WordPress has XSS. | |||||
CVE-2013-7481 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. | |||||
CVE-2013-7480 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas. | |||||
CVE-2013-7479 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field. | |||||
CVE-2013-7478 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post. | |||||
CVE-2013-7477 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form. | |||||
CVE-2013-7475 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The contact-form-plugin plugin before 3.52 for WordPress has XSS. | |||||
CVE-2013-7474 | 1 Windu | 1 Windu Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users. | |||||
CVE-2013-7472 | 1 Count Per Day Project | 1 Count Per Day | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter. | |||||
CVE-2013-7467 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter. | |||||
CVE-2013-7371 | 2 Debian, Sencha | 2 Debian Linux, Connect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370) | |||||
CVE-2013-7370 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Opensuse, Openshift and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware | |||||
CVE-2013-7351 | 1 Shaarli Project | 1 Shaarli | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks. | |||||
CVE-2013-7071 | 1 Fibranet | 1 Monitorix | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
CVE-2013-7062 | 1 Plone | 1 Plone | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method. | |||||
CVE-2013-7054 | 1 Dlink | 2 Dir-100, Dir-100 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
D-Link DIR-100 4.03B07: cli.cgi XSS | |||||
CVE-2013-6880 | 1 Elvedia | 1 Flashcanvas | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Open redirect in proxy.php in FlashCanvas before 1.6 allows remote attackers to redirect users to arbitrary web sites and conduct cross-site scripting (XSS) attacks via the HTTP Referer header. | |||||
CVE-2013-6878 | 1 Miwisoft | 1 Mijosearch | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Mijosoft MijoSearch component 2.0.4 and earlier for Joomla! allows remote attackers to inject arbitrary web script or HTML via the query parameter to component/mijosearch/search. |