Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (44310 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4626 2 Marketpress, Wordpress 2 Backwpup Plugin, Wordpress 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in the BackWPup plugin before 3.0.13 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab parameter to wp-admin/admin.php.
CVE-2013-4714 1 Tiki 1 Tikiwiki Cms\/groupware 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6.13LTS, 9 LTS before 9.7LTS, 10.x before 10.4, and 11.x before 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4705 1 Opera 1 Opera Browser 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding.
CVE-2013-4716 1 Tattyan 1 Tattyan Hptown 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2013-4691 1 Sencha 1 Connect 2024-08-06 6.1 Medium
Sencha Labs Connect has XSS with connect.methodOverride()
CVE-2013-4624 1 Jahia 1 Jahia Xcm 2024-08-06 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName, (5) lastName, (6) email, or (7) organization field to administration/ in a users action.
CVE-2013-4713 1 Iodata 2 Rockdisk, Rockdisk Firmware 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-4674 1 Symantec 2 Encryption Management Server, Pgp Universal Server 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.
CVE-2013-4612 2 Project-redcap, Vanderbilt 2 Redcap, Redcap 2024-08-06 N/A
Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving different modules.
CVE-2013-4608 2 Project-redcap, Vanderbilt 2 Redcap, Redcap 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page.
CVE-2013-4600 1 Alkacon 1 Opencms 2024-08-06 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to system/workplace/views/admin/admin-main.jsp or the (2) requestedResource parameter to system/login/index.html.
CVE-2013-4523 1 Moodle 1 Moodle 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted message.
CVE-2013-4556 1 Spip 1 Spip 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter.
CVE-2013-4519 1 Reviewboard 1 Review Board 2024-08-06 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field or (2) caption of an uploaded file.
CVE-2013-4503 1 Feed Element Mapper Project 1 Feed Element Mapper 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via vectors related to options.
CVE-2013-4491 3 Redhat, Rhel Sam, Rubyonrails 5 Openstack, Rhel Software Collections, 1.4 and 2 more 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted string that triggers generation of a fallback string by the i18n gem.
CVE-2013-4573 1 Mediawiki 1 Mediawiki 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject arbitrary web script or HTML via the "to" parameter to index.php.
CVE-2013-4525 1 Moodle 1 Moodle 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbitrary web script or HTML via an answer to a text-based quiz question.
CVE-2013-4574 1 Mediawiki 1 Mediawiki 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos.
CVE-2013-4507 1 Collectiveaccess 2 Pawtucket, Providence 2024-08-06 N/A
Cross-site scripting (XSS) vulnerability in CollectiveAccess Providence and Pawtucket before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.