Total
28117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-3192 | 1 Linkorcms | 1 Linkorcms | 2013-09-13 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in LinkorCMS 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the searchstr parameter in a search action; or the (2) nikname, (3) realname, (4) homepage, or (5) city parameter in a registration action. | |||||
| CVE-2013-5645 | 1 Roundcube | 1 Webmail | 2013-09-12 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc. | |||||
| CVE-2013-5095 | 1 Juniper | 3 Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance | 2013-09-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka PR 884469. | |||||
| CVE-2013-2201 | 1 Wordpress | 1 Wordpress | 2013-09-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editing of media files, (3) installation of plugins, (4) updates to plugins, (5) installation of themes, or (6) updates to themes. | |||||
| CVE-2013-4899 | 1 Twilightcms | 1 Twilight Cms | 2013-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the gallery/ page. | |||||
| CVE-2010-4109 | 1 Hp | 1 Palm Webos | 2013-09-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Contacts Application in HP Palm webOS before 2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted vCard file. | |||||
| CVE-2008-1228 | 1 Minigal | 1 Mg2 | 2013-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly Minigal) allows remote attackers to inject arbitrary web script or HTML via the list parameter in an import action. | |||||
| CVE-2013-3742 | 1 Phpmyadmin | 1 Phpmyadmin | 2013-09-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message. | |||||
| CVE-2012-5990 | 1 Cisco | 2 Prime Network Control System, Wireless Control System | 2013-09-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor Login pages in Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCud18375. | |||||
| CVE-2013-3603 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Coursemill Learning Management System (LMS) 6.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. | |||||
| CVE-2013-3604 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.6 allow remote attackers to inject arbitrary web script or HTML via crafted input. | |||||
| CVE-2013-5706 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to error messages and (1) crafted event attributes or (2) > (greater than) characters that are optional within a browser's HTML implementation, a different issue than CVE-2013-3603. | |||||
| CVE-2013-5698 | 1 Open-xchange | 2 Open-xchange Appsuite, Open-xchange Server | 2013-09-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and Server before 6.22.0 rev16, 6.22.1 before rev19, 7.0.1 before rev7, 7.0.2 before rev11, and 7.2.0 before rev8 allows remote authenticated users to inject arbitrary web script or HTML via a delivery=view action, aka Bug ID 26373, a different vulnerability than CVE-2013-3106. | |||||
| CVE-2013-5707 | 1 Trivantis | 1 Coursemill Learning Management System | 2013-09-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allow remote attackers to inject arbitrary web script or HTML via crafted input containing a %22 sequence, a different issue than CVE-2013-3604. | |||||
| CVE-2012-5744 | 1 Cisco | 1 Identity Services Engine Software | 2013-08-30 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the guest portal in Cisco Identity Services Engine (ISE) Software allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCud11139 and CSCug02904. | |||||
| CVE-2013-5646 | 1 Roundcube | 1 Webmail | 2013-08-29 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group. | |||||
| CVE-2013-4274 | 2 Drupal, Erikwebb | 2 Drupal, Password Policy | 2013-08-29 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the password_policy_admin_view function in password_policy.admin.inc in the Password Policy module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer policies" permission to inject arbitrary web script or HTML via the "Password Expiration Warning" field to the admin/config/people/password_policy/add page. | |||||
| CVE-2012-6587 | 1 Myrephp | 1 Myre Vacation Rental | 2013-08-27 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vacation/1_mobile/alert_members.php in MYRE Vacation Rental Software allows remote attackers to inject arbitrary web script or HTML via the link_idd parameter in a login action. | |||||
| CVE-2013-3372 | 1 Bestpractical | 1 Rt | 2013-08-27 | 4.3 MEDIUM | N/A |
| Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors. | |||||
| CVE-2013-3720 | 2 Feedweb, Wordpress | 2 Feedweb, Wordpress | 2013-08-27 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in widget_remove.php in the Feedweb plugin before 1.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML via the wp_post_id parameter. | |||||