Total
94000 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6878 | 1 Miwisoft | 1 Mijosearch | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Mijosoft MijoSearch component 2.0.4 and earlier for Joomla! allows remote attackers to inject arbitrary web script or HTML via the query parameter to component/mijosearch/search. | |||||
| CVE-2013-6785 | 1 Supermicro | 1 Intelligent Platform Management Interface | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in url_redirect.cgi in Supermicro IPMI before SMT_X9_315 allows authenticated attackers to read arbitrary files via the url_name parameter. | |||||
| CVE-2013-6772 | 1 Splunk | 1 Splunk | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking | |||||
| CVE-2013-6739 | 1 Ibm | 1 Spss Modeler | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| IBM SPSS Modeler before 16 on UNIX allows remote authenticated users to bypass intended access restrictions via an SSO token. IBM X-Force ID: 89855. | |||||
| CVE-2013-6681 | 1 Mapway | 1 Tube Map | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability | |||||
| CVE-2013-6495 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| JBossWeb Bayeux has reflected XSS | |||||
| CVE-2013-6461 | 3 Debian, Nokogiri, Redhat | 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | |||||
| CVE-2013-6460 | 3 Debian, Nokogiri, Redhat | 7 Debian Linux, Nokogiri, Cloudforms Management Engine and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | |||||
| CVE-2013-6455 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page. | |||||
| CVE-2013-6451 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values. | |||||
| CVE-2013-6430 | 1 Pivotal Software | 1 Spring Framework | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket. | |||||
| CVE-2013-6365 | 3 Debian, Horde, Opensuse | 3 Debian Linux, Groupware, Opensuse | 2024-11-21 | 2.6 LOW | 5.3 MEDIUM |
| Horde Groupware Web mail 5.1.2 has CSRF with requests to change permissions | |||||
| CVE-2013-6275 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php. | |||||
| CVE-2013-6242 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 6.22.3 before 6.22.3-rev5 and 6.22.4 before 6.22.4-rev12 allows remote attackers to inject arbitrary web script or HTML via the subject of an email. NOTE: the vulnerabilities related to the body of the email and the publication name were SPLIT from this CVE ID because they affect different sets of versions. | |||||
| CVE-2013-6239 | 1 Exis-ti | 1 Exis Contexis | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the photo gallery model in Exis Contexis before 2.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter in a detail action. | |||||
| CVE-2013-6022 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Groupware 11.0 via the id paraZeroClipboard.swf, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2013-5988 | 1 Semperplugins | 1 All In One Seo Pack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability exists in the All in One SEO Pack plugin before 2.0.3.1 for WordPress via the Search parameter. | |||||
| CVE-2013-5978 | 1 Cart66 | 1 Cart66 Lite Plugin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977. | |||||
| CVE-2013-5661 | 4 Isc, Nic, Nlnetlabs and 1 more | 4 Bind, Knot Resolver, Nsd and 1 more | 2024-11-21 | 2.6 LOW | 5.9 MEDIUM |
| Cache Poisoning issue exists in DNS Response Rate Limiting. | |||||
| CVE-2013-5658 | 1 Aultware | 1 Pwstore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| AultWare pwStore 2010.8.30.0 has XSS | |||||