Total
37050 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-10028 | 1 Eelv Newsletter Project | 1 Eelv Newsletter | 2024-11-21 | 3.5 Low |
| A vulnerability was found in EELV Newsletter Plugin 2.x on WordPress. It has been rated as problematic. Affected by this issue is the function style_newsletter of the file lettreinfo.php. The manipulation of the argument email leads to cross site scripting. The attack may be launched remotely. The name of the patch is 3339b42316c5edf73e56eb209b6a3bb3e868d6ed. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230660. | ||||
| CVE-2013-10026 | 1 Webfwd | 1 Mail Subscribe List | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in Mail Subscribe List Plugin up to 2.0.10 on WordPress. This issue affects some unknown processing of the file index.php. The manipulation of the argument sml_name/sml_email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.1 is able to address this issue. The identifier of the patch is 484970ef8285cae51d2de3bd4e4684d33c956c28. It is recommended to upgrade the affected component. The identifier VDB-227765 was assigned to this vulnerability. | ||||
| CVE-2013-10022 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in BestWebSoft Contact Form Plugin 3.51 on WordPress. Affected by this issue is the function cntctfrm_display_form/cntctfrm_check_form of the file contact_form.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 3.52 is able to address this issue. The patch is identified as 642ef1dc1751ab6642ce981fe126325bb574f898. It is recommended to upgrade the affected component. VDB-225002 is the identifier assigned to this vulnerability. | ||||
| CVE-2013-10021 | 1 Wordpress | 1 Debug Bar | 2024-11-21 | 3.5 Low |
| A vulnerability was found in dd32 Debug Bar Plugin up to 0.8 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function render of the file panels/class-debug-bar-queries.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.8.1 is able to address this issue. The patch is named 0842af8f8a556bc3e39b9ef758173b0a8a9ccbfc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222739. | ||||
| CVE-2013-10020 | 1 A-forms Project | 1 A-forms | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in MMDeveloper A Forms Plugin up to 1.4.2 on WordPress. This affects an unknown part of the file a-forms.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The identifier of the patch is 3e693197bd69b7173cc16d8d2e0a7d501a2a0b06. It is recommended to upgrade the affected component. The identifier VDB-222609 was assigned to this vulnerability. | ||||
| CVE-2013-10010 | 1 Zerochplus Project | 1 Zerochplus | 2024-11-21 | 4.3 Medium |
| A vulnerability classified as problematic has been found in zerochplus. This affects the function PrintResList of the file test/mordor/thread.res.pl. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named 9ddf9ecca8565341d8d26a3b2f64540bde4fa273. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-218007. | ||||
| CVE-2013-0739 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 6.1 Medium |
| Chamilo 1.9.4 has XSS due to improper validation of user-supplied input by the chat.php script. | ||||
| CVE-2013-0738 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 6.1 Medium |
| Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blog.php and announcements.php. | ||||
| CVE-2013-0737 | 1 Boltwire | 1 Boltwire | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the fieldnames parameter. | ||||
| CVE-2013-0592 | 1 Ibm | 1 Inotes | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 83815. | ||||
| CVE-2013-0286 | 1 Pinboard Project | 1 Pinboard | 2024-11-21 | 5.4 Medium |
| Pinboard 1.0.6 theme for Wordpress has XSS. | ||||
| CVE-2013-0283 | 1 Theforeman | 1 Katello | 2024-11-21 | 5.4 Medium |
| Katello: Username in Notification page has cross site scripting | ||||
| CVE-2013-0195 | 1 Matomo | 1 Matomo | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0194. | ||||
| CVE-2013-0194 | 1 Matomo | 1 Matomo | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0193 and CVE-2013-0195. | ||||
| CVE-2013-0193 | 1 Matomo | 1 Matomo | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: This is a different vulnerability than CVE-2013-0194 and CVE-2013-0195. | ||||
| CVE-2013-0186 | 1 Redhat | 3 Cloudforms, Cloudforms Managementengine, Manageiq Enterprise Virtualization Manager | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in ManageIQ EVM allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2013-0161 | 1 Havalite | 1 Havalite | 2024-11-21 | 5.4 Medium |
| Havalite CMS 1.1.7 has a stored XSS vulnerability | ||||
| CVE-2012-6720 | 1 Socialengine | 1 Socialengine | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in SocialEngine before 4.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to music/create, (2) location parameter to events/create, or (3) search parameter to widget/index/content_id/*. | ||||
| CVE-2012-6718 | 1 Sharebar Project | 1 Sharebar | 2024-11-21 | N/A |
| The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491. | ||||
| CVE-2012-6717 | 1 Redirection | 1 Redirection | 2024-11-21 | N/A |
| The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562. | ||||