| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2013-3538 | 79 | | XSS | 2013-05-13 | 2013-05-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter. |
| 2 | CVE-2013-3535 | 79 | | XSS CSRF | 2013-05-13 | 2013-05-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_email, (2) header_title, (3) site_title parameter to admin/settings; (4) recaptcha_private or (5) recaptcha_public parameter to admin/captcha_settings; (6) fb_appid, (7) fp_secret, (8) tw_consumer_key, or (9) tw_consumer_secret parameter to admin/social_settings; (10) slug parameter to admin/gallery/save_item_settings; or (11) item_link parameter to admin/edit_menu_item_ajax. NOTE: this issue might be resultant from CSRF. |
| 3 | CVE-2013-3534 | 79 | | XSS | 2013-05-13 | 2013-05-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the aiContactSafe component before 2.0.21 for Joomla! allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 4 | CVE-2013-3529 | 79 | 1 | XSS | 2013-05-10 | 2013-05-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php in the WP FuneralPress plugin before 1.1.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) message, (2) photo-message, or (3) youtube-message parameter. |
| 5 | CVE-2013-3526 | 79 | | XSS | 2013-05-10 | 2013-05-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter. |
| 6 | CVE-2013-3513 | 352 | | XSS CSRF | 2013-05-08 | 2013-05-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma component in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to hijack the authentication of unspecified victims for requests that (1) store XSS sequences or (2) delete entries. |
| 7 | CVE-2013-3501 | 79 | | XSS | 2013-05-08 | 2013-05-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the foundation-webapp/admin/ directory, (2) the NeDi component, or (3) the Noma component. |
| 8 | CVE-2013-3498 | 79 | | XSS | 2013-05-08 | 2013-05-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Juniper SmartPass WLAN Security Management before 7.7 MR3 and 8.0 before MR2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 9 | CVE-2013-3267 | 79 | | XSS | 2013-05-03 | 2013-05-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 10 | CVE-2013-3254 | 79 | | XSS | 2013-05-10 | 2013-05-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the WP Photo Album Plus plugin before 5.0.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the commentid parameter in a wppa_manage_comments edit action. |
| 11 | CVE-2013-3059 | 79 | | XSS | 2013-05-03 | 2013-05-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 12 | CVE-2013-3058 | 79 | | XSS | 2013-05-03 | 2013-05-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 13 | CVE-2013-2849 | 79 | | XSS | 2013-05-22 | 2013-05-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome before 27.0.1453.93 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation. |
| 14 | CVE-2013-2848 | 200 | | XSS +Info | 2013-05-22 | 2013-05-22 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The XSS Auditor in Google Chrome before 27.0.1453.93 might allow remote attackers to obtain sensitive information via unspecified vectors. |
| 15 | CVE-2013-2766 | 79 | | XSS | 2013-04-10 | 2013-05-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 through 4.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 16 | CVE-2013-2715 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the admin view in the Search API (search_api) module 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a crafted field name. |
| 17 | CVE-2013-2709 | 352 | | XSS CSRF | 2013-04-26 | 2013-05-01 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in the FourSquare Checkins plugin before 1.3 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. |
| 18 | CVE-2013-2697 | 352 | | XSS CSRF | 2013-04-19 | 2013-04-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. |
| 19 | CVE-2013-2696 | 352 | | XSS CSRF | 2013-04-25 | 2013-04-26 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. |
| 20 | CVE-2013-2640 | 264 | | XSS | 2013-03-22 | 2013-04-05 | 5.0 | None | Remote | Low | Not required | None | Partial | None | ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress does not properly restrict access to unspecified Ajax functions, which allows remote attackers to modify plugin settings and conduct cross-site scripting (XSS) attacks via unspecified vectors related to "formData=save" requests, a different version than CVE-2013-0731. |
| 21 | CVE-2013-2501 | 79 | | XSS | 2013-03-22 | 2013-03-28 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Terillion Reviews plugin before 1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ProfileId field. |
| 22 | CVE-2013-2372 | 79 | | XSS | 2013-03-15 | 2013-03-21 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 23 | CVE-2013-2321 | 79 | | XSS | 2013-05-01 | 2013-05-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 24 | CVE-2013-2311 | 79 | | XSS | 2013-05-22 | 2013-05-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in static/js/share.js (aka the social bookmarking widget) in Web2py before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 25 | CVE-2013-2290 | 79 | | XSS | 2013-03-28 | 2013-03-29 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the dashboard of the ArubaOS Administration WebUI in Aruba Networks ArubaOS 6.2.x before 6.2.0.3, 6.1.3.x before 6.1.3.7, 6.1.x-FIPS before 6.1.4.3-FIPS, and 6.1.x-AirGroup before 6.1.3.6-AirGroup, as used by Mobility Controller, allows remote wireless access points to inject arbitrary web script or HTML via a crafted SSID. |
| 26 | CVE-2013-1937 | 79 | | XSS | 2013-04-16 | 2013-04-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. |
| 27 | CVE-2013-1887 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the Views module 7.x-3.x before 7.x-3.6 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via certain view configuration fields. |
| 28 | CVE-2013-1857 | 79 | | XSS | 2013-03-19 | 2013-05-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The sanitize helper in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : (colon) characters in URLs, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted scheme name, as demonstrated by including a &#x3a; sequence. |
| 29 | CVE-2013-1855 | 79 | | XSS | 2013-03-19 | 2013-05-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle \n (newline) characters, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via crafted Cascading Style Sheets (CSS) token sequences. |
| 30 | CVE-2013-1844 | 79 | | XSS | 2013-03-21 | 2013-04-09 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 31 | CVE-2013-1833 | 79 | | XSS | 2013-03-25 | 2013-03-26 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename. |
| 32 | CVE-2013-1823 | 79 | | XSS | 2013-04-02 | 2013-04-03 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Notifications form in Red Hat Subscription Asset Manager before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the username field. |
| 33 | CVE-2013-1808 | 79 | | XSS | 2013-04-01 | 2013-04-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ZeroClipboard10.swf in ZeroClipboard before 1.0.8, as used in em-shorty, RepRapCalculator, Fulcrum, Django, aCMS, and other products, allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this is probably the same vulnerability as CVE-2013-1463. If so, it is likely that CVE-2013-1463 will be REJECTed. |
| 34 | CVE-2013-1787 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Simple Corporate theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. |
| 35 | CVE-2013-1786 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Company theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. |
| 36 | CVE-2013-1785 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Premium Responsive theme before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. |
| 37 | CVE-2013-1784 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Clean Theme before 7.x-1.3 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. |
| 38 | CVE-2013-1783 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in page--front.tpl.php in the Business theme before 7.x-1.8 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. |
| 39 | CVE-2013-1782 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. |
| 40 | CVE-2013-1781 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Professional theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. |
| 41 | CVE-2013-1780 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Best Responsive Theme 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. |
| 42 | CVE-2013-1779 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the Fresh theme before 7.x-1.4 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via unspecified vectors. |
| 43 | CVE-2013-1778 | 79 | | XSS | 2013-03-27 | 2013-03-28 | 2.1 | None | Remote | High | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the administer themes permission to inject arbitrary web script or HTML via vectors related to social icons. |
| 44 | CVE-2013-1749 | 79 | | XSS | 2013-04-18 | 2013-04-18 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field. |
| 45 | CVE-2013-1670 | 264 | | XSS Bypass | 2013-05-16 | 2013-05-16 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 does not prevent acquisition of chrome privileges during calls to content level constructors, which allows remote attackers to bypass certain read-only restrictions and conduct cross-site scripting (XSS) attacks via a crafted web site. |
| 46 | CVE-2013-1611 | 79 | | XSS | 2013-05-09 | 2013-05-10 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 47 | CVE-2013-1471 | 79 | | XSS | 2013-02-04 | 2013-02-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam Management User Preferences or (2) the User name field for the Personal Black/White List in the AntiSpam section. |
| 48 | CVE-2013-1464 | 79 | | XSS | 2013-02-07 | 2013-02-11 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in ssets/player.swf in the Audio Player plugin before 2.0.4.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the playerID parameter. |
| 49 | CVE-2013-1463 | 79 | | XSS | 2013-02-07 | 2013-04-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in js/tabletools/zeroclipboard.swf in the WP-Table Reloaded module before 1.9.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| 50 | CVE-2013-1289 | 79 | | XSS | 2013-04-09 | 2013-04-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability." |