Security Vulnerabilities, CVEs, Published In August 2013 (XSS)

CVE-2013-5664

Cross-site scripting (XSS) vulnerability in the web-based device-management API browser in Palo Alto Networks PAN-OS before 4.1.13 and 5.0.x before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via crafted data, aka Ref ID 50908.
Max CVSS
4.3
EPSS Score
0.13%
Published
2013-08-31
Updated
2020-02-17

CVE-2013-5646

Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git allows remote authenticated users to inject arbitrary web script or HTML via the Name field of an addressbook group.
Max CVSS
3.5
EPSS Score
0.07%
Published
2013-08-29
Updated
2013-08-29

CVE-2013-5645

Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to inject arbitrary web script or HTML via an HTML signature, related to save_identity.inc.
Max CVSS
4.3
EPSS Score
0.38%
Published
2013-08-29
Updated
2013-09-12

CVE-2013-5588

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the step parameter to install/index.php or (2) the id parameter to cacti/host.php.
Max CVSS
4.3
EPSS Score
0.24%
Published
2013-08-29
Updated
2018-10-30

CVE-2013-5587

Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions.
Max CVSS
2.6
EPSS Score
0.17%
Published
2013-08-23
Updated
2013-08-26

CVE-2013-5570

Cross-site scripting (XSS) vulnerability in the Javascript and CSS Optimizer extension before 1.1.14 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2013-08-23
Updated
2017-08-29

CVE-2013-5323

Cross-site scripting (XSS) vulnerability in the Static Info Tables (static_info_tables) extension before 2.3.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.25%
Published
2013-08-20
Updated
2017-08-29

CVE-2013-5320

Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in mojoPortal before 2.3.9.8 allows remote attackers to inject arbitrary web script or HTML via the txtSubject parameter.
Max CVSS
4.3
EPSS Score
0.24%
Published
2013-08-20
Updated
2017-08-29

CVE-2013-5319

Cross-site scripting (XSS) vulnerability in secure/admin/user/views/deleteuserconfirm.jsp in the Admin Panel in Atlassian JIRA before 6.0.5 allows remote attackers to inject arbitrary web script or HTML via the name parameter to secure/admin/user/DeleteUser!default.jspa.
Max CVSS
4.3
EPSS Score
0.30%
Published
2013-08-20
Updated
2013-08-21

CVE-2013-5317

Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php.
Max CVSS
3.5
EPSS Score
0.13%
Published
2013-08-20
Updated
2017-08-29

CVE-2013-5315

Cross-site scripting (XSS) vulnerability in the Resource Manager in the MEE submodule (mee.module) in the Scald module 6.x-1.x before 6.x-1.0-beta3 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the atom title, a different vector than CVE-2013-4174.
Max CVSS
2.6
EPSS Score
0.49%
Published
2013-08-19
Updated
2017-08-29

CVE-2013-5314

Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.
Max CVSS
4.3
EPSS Score
0.24%
Published
2013-08-19
Updated
2013-08-20

CVE-2013-5312

Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2) cat parameter to groups.php.
Max CVSS
4.3
EPSS Score
1.57%
Published
2013-08-19
Updated
2013-08-20

CVE-2013-5309

Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
Max CVSS
2.6
EPSS Score
0.19%
Published
2013-08-16
Updated
2019-11-25

CVE-2013-5308

Cross-site scripting (XSS) vulnerability in the RealURL Management (realurlmanagement) extension 0.3.4 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2013-08-16
Updated
2017-08-29

CVE-2013-5307

Cross-site scripting (XSS) vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.26%
Published
2013-08-16
Updated
2017-08-29

CVE-2013-5305

Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.26%
Published
2013-08-16
Updated
2017-08-29

CVE-2013-5300

Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) before 4.3.0 allow remote attackers to inject arbitrary web script or HTML via the withoutmenu parameter to (1) vulnmeter/index.php or (2) vulnmeter/sched.php; the (3) section parameter to av_inventory/task_edit.php; the (4) profile parameter to nfsen/rrdgraph.php; or the (5) scan_server or (6) targets parameter to vulnmeter/simulate.php.
Max CVSS
4.3
EPSS Score
0.30%
Published
2013-08-15
Updated
2017-08-29

CVE-2013-5100

Cross-site scripting (XSS) vulnerability in the Static Methods since 2007 (div2007) extension before 0.10.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the t3lib_div::quoteJSvalue function.
Max CVSS
4.3
EPSS Score
0.26%
Published
2013-08-09
Updated
2017-08-29

CVE-2013-5099

Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS 0.9.1, when comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Name field. NOTE: some sources have reported that comments.php is vulnerable, but certain functions from comments.php are used by article.php.
Max CVSS
2.6
EPSS Score
0.20%
Published
2013-08-09
Updated
2017-08-29

CVE-2013-5098

Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort parameter, a different vulnerability than CVE-2013-3262.
Max CVSS
4.3
EPSS Score
0.22%
Published
2013-08-09
Updated
2017-08-29

CVE-2013-5095

Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka PR 884469.
Max CVSS
4.3
EPSS Score
0.14%
Published
2013-08-16
Updated
2013-09-12

CVE-2013-4880

Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.
Max CVSS
4.3
EPSS Score
0.26%
Published
2013-08-14
Updated
2017-08-29

CVE-2013-4759

Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.
Max CVSS
4.3
EPSS Score
0.53%
Published
2013-08-09
Updated
2017-08-29

CVE-2013-4676

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console.
Max CVSS
4.3
EPSS Score
85.31%
Published
2013-08-05
Updated
2013-08-22
77 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close