Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-3538 | 1 Wesley Destailleur | 1 Todoo Forum | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter. | |||||
| CVE-2013-0502 | 1 Ibm | 1 Infosphere Information Server | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information Server 8.1, 8.5 through FP3, 8.7 through FP2, and 9.1 allows remote attackers to inject arbitrary web script or HTML via a malformed URL. | |||||
| CVE-2013-0492 | 1 Ibm | 1 Informix Open Admin Tool | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin Tool (OAT) 2.x and 3.x before 3.11.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2013-1972 | 2 Alexey Sukhotin, Drupal | 2 Elfinder, Drupal | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the elFinder file manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for Drupal allows remote attackers to hijack the authentication of unspecified victims to create, modify, or delete files via unknown vectors. | |||||
| CVE-2013-0461 | 1 Ibm | 1 Websphere Application Server | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the virtual member manager (VMM) administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.27, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-0499 | 1 Ibm | 14 Websphere Datapower B2b Appliance Xb62, Websphere Datapower B2b Appliance Xb62 Firmware, Websphere Datapower Integration Appliance Xi50 and 11 more | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the echo functionality on IBM WebSphere DataPower SOA appliances with firmware 3.8.2, 4.0, 4.0.1, 4.0.2, and 5.0.0 allows remote attackers to inject arbitrary web script or HTML via a SOAP message, as demonstrated by the XML Firewall, Multi Protocol Gateway (MPGW), Web Service Proxy, and Web Token services. | |||||
| CVE-2013-0457 | 1 Ibm | 3 Maximo Asset Management, Maximo Asset Management Essentials, Smartcloud Control Desk | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to a uisessionid. | |||||
| CVE-2013-0473 | 1 Ibm | 2 Rational Policy Tester, Security Appscan | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 allow remote attackers to inject arbitrary web script or HTML via a crafted report. | |||||
| CVE-2013-0597 | 1 Ibm | 1 Websphere Application Server | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.0, when OAuth is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-0571 | 1 Ibm | 2 Application Support Facility, Document Connect For Application Support Facility | 2017-08-28 | 2.9 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Document Connect for Application Support Facility (aka DC4ASF) before 1.0.0.1218 in Application Support Facility (ASF) 3.4 for z/OS on Windows, Linux, and AIX allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2013-0548 | 1 Ibm | 2 Application Manager For Smart Business, Tivoli Monitoring | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 through FP3, 6.2.1 through FP4, 6.2.2 through FP9, and 6.2.3 before FP3, as used in IBM Application Manager for Smart Business (formerly Tivoli Foundations Application Manager) 1.2.1 before 1.2.1.0-TIV-IAMSB-FP0004 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-0590 | 1 Ibm | 2 Lotus Domino, Lotus Inotes | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3, a different vulnerability than CVE-2013-0591. | |||||
| CVE-2013-4052 | 1 Ibm | 1 Websphere Application Server | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the UDDI Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4747 | 2 Kasper Skarhoj, Typo3 | 2 Accessible Is Browse Results, Typo3 | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Accessible browse results for indexed search (accessible_is_browse_results) extension 1.2.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4749 | 2 Typo3, Usertask Center Messaging Project | 2 Typo3, Usertask Center Messaging | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the UserTask Center, Messaging (sys_messages) extension 1.1.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4004 | 1 Ibm | 1 Websphere Application Server | 2017-08-28 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.7 and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-1466 | 1 Glfusion | 1 Glfusion | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/. | |||||
| CVE-2013-0587 | 1 Ibm | 1 Websphere Portal | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere Portal before 8.0.0.1 CF07 allow remote attackers to inject arbitrary web script or HTML via vectors involving the (1) Portal, (2) Portal 7.0.0.2, (3) Portal 8.0, or (4) PortalWeb2 theme. | |||||
| CVE-2013-4759 | 1 Magnolia-cms | 2 Magnolia Cms, Magnolia Form Module | 2017-08-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html. | |||||
| CVE-2013-0503 | 1 Ibm | 1 Lotus Connections | 2017-08-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Bookmarks component in IBM Lotus Connections before 4.0 CR3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||