Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-1743 | 1 Mozilla | 1 Bugzilla | 2013-10-24 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189. | |||||
| CVE-2013-5151 | 1 Apple | 1 Iphone Os | 2013-10-22 | 4.3 MEDIUM | N/A |
| Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attacks by uploading a file. | |||||
| CVE-2013-5702 | 1 Watchguard | 2 Fireware, Watchguard System Manager | 2013-10-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||||
| CVE-2013-5519 | 1 Cisco | 1 Wireless Lan Controller | 2013-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810. | |||||
| CVE-2013-5541 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2013-10-16 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495. | |||||
| CVE-2013-3616 | 1 Knowledgeview | 1 Knowledgeview Editorial And Management Application | 2013-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the KnowledgeView Editorial and Management application allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2013-5911 | 1 Tenable | 1 Securitycenter | 2013-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in devform.php in Tenable SecurityCenter 4.6 through 4.7 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2013-4167 | 1 Cmsmadesimple | 1 Cms Made Simple | 2013-10-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) before 1.11.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-6576 | 2 Antti Alamki, Drupal | 2 Prh Search, Drupal | 2013-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the PRH Search module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers from certain sources to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-3648 | 2 Kent-web, Microsoft | 2 Post-mail, Internet Explorer | 2013-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in KENT-WEB POST-MAIL before 6.7, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. | |||||
| CVE-2013-3649 | 2 Kent-web, Microsoft | 2 Clip-mail, Internet Explorer | 2013-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in KENT-WEB CLIP-MAIL before 3.4, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. | |||||
| CVE-2013-3652 | 1 Lockon | 1 Ec-cube | 2013-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in data/class/pages/products/LC_Page_Products_List.php in LOCKON EC-CUBE 2.11.0 through 2.12.4 allows remote attackers to inject arbitrary web script or HTML via vectors involving the classcategory_id2 field, a different vulnerability than CVE-2013-3653. | |||||
| CVE-2013-3653 | 1 Lockon | 1 Ec-cube | 2013-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652. | |||||
| CVE-2012-4932 | 1 Simple Invoices | 1 Simple Invoices | 2013-10-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a manage action to index.php; (2) the Email field in an Add User action; (3) the Customer Name field in an Add Customer action; the (4) Street address, (5) Street address 2, (6) City, (7) Zip code, (8) State, (9) Country, (10) Mobile Phone, (11) Phone, (12) Fax, (13) Email, (14) PayPal business name, (15) PayPal notify url, (16) PayPal return url, (17) Eway customer ID, (18) Custom field 1, (19) Custom field 2, (20) Custom field 3, or (21) Custom field 4 field in an Add Biller action; (22) the Customer field in an Add Invoice action; the (23) Invoice or (24) Notes field in a Process Payment action; (25) the Payment type description field in a Payment Types action; (26) the Description field in an Invoice Preferences action; (27) the Description field in a Manage Products action; or (28) the Description field in a Tax Rates action. | |||||
| CVE-2013-5495 | 1 Cisco | 1 Unified Meetingplace | 2013-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework in the Application Server in Cisco Unified MeetingPlace allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui44681. | |||||
| CVE-2013-5693 | 1 X2engine | 1 X2crm | 2013-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor. | |||||
| CVE-2013-5964 | 2 Drupal, Joachim Noreiko | 2 Drupal, Flag Module | 2013-10-10 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title. | |||||
| CVE-2013-0455 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2013-10-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2.4 and Sterling File Gateway allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4378 | 1 Emeric Vernat | 1 Javamelody | 2013-10-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in HtmlSessionInformationsReport.java in JavaMelody 1.46 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted X-Forwarded-For header. | |||||
| CVE-2013-4704 | 1 Chamanet | 1 Chamacargo | 2013-10-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ChamaNet ChamaCargo 7.0000 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||