Vulnerabilities (CVE)

Filtered by CWE-79
Total 36824 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-7486 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev27 and 7.4.x before 7.4.0-rev20 allows remote attackers to inject arbitrary web script or HTML via the body of an email. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
CVE-2013-7485 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the backend in Open-Xchange (OX) AppSuite 7.2.x before 7.2.2-rev26 and 7.4.x before 7.4.0-rev16 allows remote attackers to inject arbitrary web script or HTML via the publication name, which is not properly handled in an error message. NOTE: this vulnerability was SPLIT from CVE-2013-6242 because it affects different sets of versions.
CVE-2013-7482 1 Reflex Gallery Project 1 Reflex Gallery 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The reflex-gallery plugin before 1.4.3 for WordPress has XSS.
CVE-2013-7481 1 Bestwebsoft 1 Contact Form 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The contact-form-plugin plugin before 3.3.5 for WordPress has XSS.
CVE-2013-7480 1 Pixelite 1 Events Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.
CVE-2013-7479 1 Pixelite 1 Events Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.
CVE-2013-7478 1 Pixelite 1 Events Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.
CVE-2013-7477 1 Pixelite 1 Events Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.
CVE-2013-7475 1 Bestwebsoft 1 Contact Form 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The contact-form-plugin plugin before 3.52 for WordPress has XSS.
CVE-2013-7474 1 Windu 1 Windu Cms 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Windu CMS 2.2 allows XSS via the name parameter to admin/content/edit or admin/content/add, or the username parameter to admin/users.
CVE-2013-7472 1 Count Per Day Project 1 Count Per Day 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
CVE-2013-7467 1 Simplemachines 1 Simple Machines Forum 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
CVE-2013-7371 2 Debian, Sencha 2 Debian Linux, Connect 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)
CVE-2013-7370 4 Debian, Opensuse, Redhat and 1 more 4 Debian Linux, Opensuse, Openshift and 1 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware
CVE-2013-7351 1 Shaarli Project 1 Shaarli 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Shaarli allow remote attackers to inject arbitrary web script or HTML via the URL to the (1) showRSS, (2) showATOM, or (3) showDailyRSS function; a (4) file name to the importFile function; or (5) vectors related to bookmarks.
CVE-2013-7071 1 Fibranet 1 Monitorix 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the handle_request function in lib/HTTPServer.pm in Monitorix before 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2013-7062 1 Plone 1 Plone 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple cross-site scripting (XSS) vulnerabilities in Zope, as used in Plone 3.3.x through 3.3.6, 4.0.x through 4.0.9, 4.1.x through 4.1.6, 4.2.x through 4.2.7, and 4.3 through 4.3.2, allow remote attackers to inject arbitrary web script or HTML via unspecified input in the (1) browser_id_manager or (2) OFS.Image method.
CVE-2013-7054 1 Dlink 2 Dir-100, Dir-100 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
D-Link DIR-100 4.03B07: cli.cgi XSS
CVE-2013-6880 1 Elvedia 1 Flashcanvas 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Open redirect in proxy.php in FlashCanvas before 1.6 allows remote attackers to redirect users to arbitrary web sites and conduct cross-site scripting (XSS) attacks via the HTTP Referer header.
CVE-2013-6878 1 Miwisoft 1 Mijosearch 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Mijosoft MijoSearch component 2.0.4 and earlier for Joomla! allows remote attackers to inject arbitrary web script or HTML via the query parameter to component/mijosearch/search.