Total
36305 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-0739 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script. | |||||
| CVE-2013-0738 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php. | |||||
| CVE-2013-0737 | 1 Boltwire | 1 Boltwire | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter. | |||||
| CVE-2013-0592 | 1 Ibm | 1 Inotes | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815. | |||||
| CVE-2013-0286 | 1 Pinboard Project | 1 Pinboard | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Pinboard 1.0.6 theme for Wordpress has XSS. | |||||
| CVE-2013-0283 | 1 Theforeman | 1 Katello | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Katello: Username in Notification page has cross site scripting | |||||
| CVE-2013-0195 | 1 Matomo | 1 Matomo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194. | |||||
| CVE-2013-0194 | 1 Matomo | 1 Matomo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195. | |||||
| CVE-2013-0193 | 1 Matomo | 1 Matomo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195. | |||||
| CVE-2013-0186 | 1 Redhat | 2 Cloudforms, Manageiq Enterprise Virtualization Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-0161 | 1 Havalite | 1 Havalite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Havalite CMS 1.1.7 has a stored XSS vulnerability | |||||
| CVE-2012-6720 | 1 Socialengine | 1 Socialengine | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*. | |||||
| CVE-2012-6718 | 1 Sharebar Project | 1 Sharebar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491. | |||||
| CVE-2012-6717 | 1 Redirection | 1 Redirection | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562. | |||||
| CVE-2012-6716 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links. | |||||
| CVE-2012-6715 | 1 Formbuilder Project | 1 Formbuilder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header. | |||||
| CVE-2012-6714 | 1 Count Per Day Project | 1 Count Per Day | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The count-per-day plugin before 3.2.3 for WordPress has XSS via search words. | |||||
| CVE-2012-6713 | 1 Wp-jobmanager | 1 Job Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues. | |||||
| CVE-2012-6708 | 1 Jquery | 1 Jquery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common. | |||||
| CVE-2012-6682 | 1 Dragonbyte-tech | 1 Vbdownloads Module | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in downloads/actions/editdownload.php in the DragonByte Technologies vBDownloads module 1.3.2 and earlier for vBulletin allows remote attackers to inject arbitrary web script or HTML via the mirrors[] parameter. | |||||