Total
28117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6915 | 1 Cybozu | 1 Garoon | 2013-12-31 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-5210 | 1 Adtran | 3 Aos, Netvanta 7060, Netvanta 7100 | 2013-12-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-5218 | 1 Hot | 2 Hotbox Router, Hotbox Router Firmware | 2013-12-30 | 2.9 LOW | N/A |
| Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp. | |||||
| CVE-2013-6808 | 1 Zend | 1 Zendto | 2013-12-30 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php. | |||||
| CVE-2013-4424 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2013-12-27 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-3281 | 1 Emc | 7 Documentum Administrator, Documentum Capital Projects, Documentum Digital Asset Manager and 4 more | 2013-12-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop before 6.7 SP2 P07, Documentum WDK before 6.7 SP2 P07, Documentum Taskspace before 6.7 SP2 P07, Documentum Records Manager before 6.7 SP2 P07, Documentum Web Publisher before 6.5 SP7, Documentum Digital Asset Manager before 6.5 SP6, Documentum Administrator before 6.7 SP2 P07, and Documentum Capital Projects before 1.8 P01 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter in a URL. | |||||
| CVE-2013-6916 | 3 Cybozu, Google, Microsoft | 3 Garoon, Chrome, Internet Explorer | 2013-12-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6912 | 2 Cybozu, Microsoft | 2 Garoon, Internet Explorer | 2013-12-13 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6906 | 2 Cybozu, Microsoft | 2 Garoon, Internet Explorer | 2013-12-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6901 | 2 Cybozu, Mozilla | 2 Garoon, Firefox | 2013-12-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-0785 | 1 Mozilla | 1 Bugzilla | 2013-12-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla before 3.6.13, 3.7.x and 4.0.x before 4.0.10, 4.1.x and 4.2.x before 4.2.5, and 4.3.x and 4.4.x before 4.4rc2 allows remote attackers to inject arbitrary web script or HTML via the id parameter in conjunction with an invalid value of the format parameter. | |||||
| CVE-2012-4189 | 1 Mozilla | 1 Bugzilla | 2013-12-13 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the Version field. | |||||
| CVE-2012-3047 | 1 Cisco | 37 Scientific Atlanta Dpc2420, Scientific Atlanta Dpc3000\/epc3000, Scientific Atlanta Dpc3008\/epc3008 and 34 more | 2013-12-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-3929 | 1 Cmsmadesimple | 1 Cms Made Simple | 2013-12-10 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script or HTML via the handler parameter. | |||||
| CVE-2013-4171 | 1 Apache | 1 Roller | 2013-12-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RSS and (2) Atom feed templates. | |||||
| CVE-2013-6804 | 1 Jamroom | 1 Search Module | 2013-12-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results/all/1/4. | |||||
| CVE-2013-4624 | 1 Jahia | 1 Jahia Xcm | 2013-11-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName, (5) lastName, (6) email, or (7) organization field to administration/ in a users action. | |||||
| CVE-2013-3920 | 1 Jahia | 1 Jahia Xcm | 2013-11-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field. | |||||
| CVE-2013-4573 | 1 Mediawiki | 1 Mediawiki | 2013-11-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php. | |||||
| CVE-2013-6870 | 1 Splunk | 1 Splunk | 2013-11-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||