Export limit exceeded: 352837 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352837 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46157 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-6793 | 1 Olat | 1 Olat | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allow remote attackers to inject arbitrary web script or HTML via the (1) event name or (2) date field. | ||||
| CVE-2013-6690 | 1 Cisco | 1 Prime Collaboration | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCui92643, CSCui94038, and CSCui94161. | ||||
| CVE-2013-6388 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS. | ||||
| CVE-2013-6387 | 1 Drupal | 1 Drupal | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field. | ||||
| CVE-2013-6178 | 1 Emc | 1 Rsa Archer Egrc | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.4 SP1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-6175 | 1 Emc | 1 Document Sciences Xpression | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to inject arbitrary web script or HTML via unspecified input to a (1) xAdmin or (2) xDashboard form. | ||||
| CVE-2013-6163 | 1 Projeqtor | 1 Projeqtor | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to view/parameter.php, (2) p1value parameter to view/main.php, or (3) objectClass parameter to view/objectDetail.php. | ||||
| CVE-2013-6162 | 1 Code-crafters | 1 Ability Mail Server | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail Server 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email. | ||||
| CVE-2013-6111 | 1 Modpagespeed | 1 Mod Pagespeed | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.x, 1.0.22.7, 1.1.x, 1.24.1, 1.3.25.1 through 1.3.25.4, 1.4.26.1 through 1.4.26.4, 1.5.27.1 through 1.5.27.3, and 1.6.29.1 through 1.6.29.6 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-5992 | 1 Lockon | 1 Ec-cube | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or HTML by leveraging incorrect handling of error-message output. | ||||
| CVE-2013-5976 | 1 F5 | 1 Big-ip Access Policy Manager | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web script or HTML via the LastMRH_Session cookie. | ||||
| CVE-2013-5966 | 1 Zkoss | 1 Zk Framework | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-5964 | 2 Drupal, Joachim Noreiko | 2 Drupal, Flag Module | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to inject arbitrary web script or HTML via the flag title. | ||||
| CVE-2013-5739 | 1 Wordpress | 1 Wordpress | 2025-04-11 | N/A |
| The default configuration of WordPress before 3.6.1 does not prevent uploads of .swf and .exe files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file, related to the get_allowed_mime_types function in wp-includes/functions.php. | ||||
| CVE-2013-5711 | 1 Slickremix | 1 Design Approval System Plugin | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/walkthrough/walkthrough.php in the Design Approval System plugin before 3.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via the step parameter. | ||||
| CVE-2013-5706 | 1 Trivantis | 1 Coursemill Learning Management System | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Coursemill Learning Management System (LMS) 6.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to error messages and (1) crafted event attributes or (2) > (greater than) characters that are optional within a browser's HTML implementation, a different issue than CVE-2013-3603. | ||||
| CVE-2013-5695 | 1 Opsview | 1 Opsview | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Opsview before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/auditlog/, (2) PATH_INFO to info/host/ or (3) viewport/, (4) back parameter to login, or (5) "from" parameter to status/service/recheck. | ||||
| CVE-2013-5505 | 1 Cisco | 1 Identity Services Engine Software | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in an administration page in Cisco Identity Services Engine (ISE) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui30275. | ||||
| CVE-2013-5495 | 1 Cisco | 1 Unified Meetingplace | 2025-04-11 | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework in the Application Server in Cisco Unified MeetingPlace allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCui44681. | ||||
| CVE-2013-5406 | 1 Ibm | 2 Sterling B2b Integrator, Sterling File Gateway | 2025-04-11 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, leading to improper interaction with the Windows MHTML protocol handler. | ||||