Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 (solr) extension before 2.8.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.22%
Published
2013-10-28
Updated
2013-11-03
Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php in the Spreadsheet (dhtmlxSpreadsheet) plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "page" parameter.
Max CVSS
4.3
EPSS Score
0.33%
Published
2013-10-25
Updated
2013-10-25
Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plugin before 2.1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.10%
Published
2013-10-25
Updated
2013-10-25
The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce cross-site scripting (XSS) or other vulnerabilities into Django applications that use this function, as demonstrated by "the login view in django.contrib.auth.views" and the javascript: scheme.
Max CVSS
4.3
EPSS Score
0.76%
Published
2013-10-04
Updated
2017-11-17
Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb 3.13.3.1 allows remote attackers to inject arbitrary web script or HTML via the accountNum parameter to an unspecified component.
Max CVSS
4.3
EPSS Score
0.15%
Published
2013-10-28
Updated
2013-11-21
Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title."
Max CVSS
4.3
EPSS Score
0.19%
Published
2013-10-03
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web script or HTML via the LastMRH_Session cookie.
Max CVSS
4.3
EPSS Score
0.22%
Published
2013-10-01
Updated
2013-10-31
Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.
Max CVSS
4.3
EPSS Score
0.25%
Published
2013-10-29
Updated
2021-04-12
Cross-site scripting (XSS) vulnerability in the getRecommSearch function in recommlist.php in OXID eShop before 4.6.7, Professional and Community Edition 4.7.x before 4.7.8, and Enterprise Edition 5.x before 5.0.8 allows remote attackers to inject arbitrary web script or HTML via the searchrecomm parameter.
Max CVSS
4.3
EPSS Score
0.20%
Published
2013-10-15
Updated
2018-03-22
Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and earlier allows remote attackers to inject arbitrary web script or HTML via an arbitrary ref_XXX parameter.
Max CVSS
4.3
EPSS Score
0.21%
Published
2013-10-28
Updated
2013-10-29
Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
Max CVSS
4.3
EPSS Score
0.11%
Published
2013-10-19
Updated
2013-10-21
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIME type or (2) the Status comment field of an appointment.
Max CVSS
3.5
EPSS Score
0.06%
Published
2013-10-03
Updated
2013-10-04
Cross-site scripting (XSS) vulnerability in the file-upload interface in Cisco Identity Services Engine (ISE) allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename, aka Bug ID CSCui67495.
Max CVSS
3.5
EPSS Score
0.06%
Published
2013-10-16
Updated
2013-10-16
Cross-site scripting (XSS) vulnerability in the troubleshooting page in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCug77655.
Max CVSS
4.3
EPSS Score
0.21%
Published
2013-10-10
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuf77810.
Max CVSS
4.3
EPSS Score
0.25%
Published
2013-10-03
Updated
2013-10-17
Cross-site scripting (XSS) vulnerability in the monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, 8.5.0, and 8.6.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
3.5
EPSS Score
0.09%
Published
2013-10-16
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK2X.
Max CVSS
4.3
EPSS Score
0.13%
Published
2013-10-22
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 before FP5 IF2 and 9.0 before IF5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN9AYK5F.
Max CVSS
4.3
EPSS Score
0.13%
Published
2013-10-22
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, related to a "cross frame scripting" attack against an administrative user.
Max CVSS
4.3
EPSS Score
0.13%
Published
2013-10-17
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.17%
Published
2013-10-16
Updated
2019-10-09
Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on Linux and Solaris allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.14%
Published
2013-10-04
Updated
2013-10-07
Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter, related to "a custom login form and XSS."
Max CVSS
5.8
EPSS Score
0.17%
Published
2013-10-24
Updated
2013-10-25
Cross-site scripting (XSS) vulnerability in Google Site Search module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.10 for Drupal allows remote attackers to inject arbitrary web script or HTML by causing crafted data to be returned by the Google API.
Max CVSS
4.3
EPSS Score
0.22%
Published
2013-10-09
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in contrib/example.php in the SyntaxHighlight GeSHi extension for MediaWiki, possibly as downloaded before September 2013, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Max CVSS
4.3
EPSS Score
0.27%
Published
2013-10-11
Updated
2017-08-29
Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget in contrib/admin/widgets.py in Django 1.5.x before 1.5.2 and 1.6.x before 1.6 beta 2 allows remote attackers to inject arbitrary web script or HTML via a URLField.
Max CVSS
4.3
EPSS Score
0.32%
Published
2013-10-04
Updated
2017-08-29
36 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!