Total
36832 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-5978 | 1 Cart66 | 1 Cart66 Lite Plugin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977. | |||||
| CVE-2013-5658 | 1 Aultware | 1 Pwstore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| AultWare pwStore 2010.8.30.0 has XSS | |||||
| CVE-2013-5638 | 1 Transcend-info | 2 Wifisd, Wifisd Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Transcend WiFiSD 1.8 has persistent XSS | |||||
| CVE-2013-5637 | 1 Pqigroup | 2 Air Card, Air Card Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PQI AirCard has persistent XSS | |||||
| CVE-2013-5212 | 1 Easyxdm | 1 Easyxdm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in EasyXDM before 2.4.18 allows remote attackers to inject arbitrary web script or html via the easyxdm.swf file. | |||||
| CVE-2013-4968 | 1 Puppet | 1 Puppet Enterprise | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management." | |||||
| CVE-2013-4891 | 1 Codeigniter | 1 Codeigniter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The xss_clean function in CodeIgniter before 2.1.4 might allow remote attackers to bypass an intended protection mechanism and conduct cross-site scripting (XSS) attacks via an unclosed HTML tag. | |||||
| CVE-2013-4791 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE. | |||||
| CVE-2013-4770 | 1 Eucalyptus | 1 Eucalyptus Management Console | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4752 | 2 Fedoraproject, Sensiolabs | 2 Fedora, Symfony | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the framework is generating an absolute URL. A remote attacker could exploit this vulnerability to inject malicious content into the Web application page and conduct various attacks. | |||||
| CVE-2013-4718 | 1 Otrs | 2 Otrs, Otrs Itsm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search. | |||||
| CVE-2013-4693 | 1 Xorbin | 1 Digital Flash Clock | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress Xorbin Digital Flash Clock 1.0 has XSS | |||||
| CVE-2013-4692 | 1 Xorbin | 1 Analog Flash Clock | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS | |||||
| CVE-2013-4691 | 1 Sencha | 1 Connect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sencha Labs Connect has XSS with connect.methodOverride() | |||||
| CVE-2013-4664 | 1 Spbas | 1 Business Automation Software | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SPBAS Business Automation Software 2012 has XSS. | |||||
| CVE-2013-4395 | 1 Simplemachines | 1 Simple Machines Forum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Simple Machines Forum (SMF) through 2.0.5 has XSS | |||||
| CVE-2013-4303 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of "." (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php. | |||||
| CVE-2013-4275 | 1 Zen Project | 1 Zen | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the zen_breadcrumb function in template.php in the Zen theme 6.x-1.x, 7.x-3.x before 7.x-3.2, and 7.x-5.x before 7.x-5.4 for Drupal allows remote authenticated users with the "administer themes" permission to inject arbitrary web script or HTML via the breadcrumb separator field. | |||||
| CVE-2013-4241 | 1 Hitmyserver | 1 Hms Testimonials | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) date_format parameter to the Settings - Default form (hms-testimonials-settings page); (6) name parameter in a Save action to the Settings - Custom Fields form (hms-testimonials-settings-fields page); or (7) name parameter in a Save action to the Settings - Template form (hms-testimonials-templates-new page). | |||||
| CVE-2013-4225 | 1 Restful Web Services Project | 1 Restful Web Services | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for Drupal does not properly restrict access to entity write operations, which makes it easier for remote authenticated users with the "access resource node" and "create page content" permissions (or equivalents) to conduct cross-site scripting (XSS) or execute arbitrary PHP code via a crafted text field. | |||||