CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
3151 CVE-2013-7231 79 XSS 2013-12-29 2013-12-30
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222.
3152 CVE-2013-7194 79 XSS 2013-12-20 2017-08-28
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.
3153 CVE-2013-7074 79 XSS 2013-12-20 2017-08-28
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.
3154 CVE-2013-7048 264 2014-01-23 2018-11-16
3.3
None Local Medium Not required Partial Partial None
OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local users to read and modify live snapshots.
3155 CVE-2013-7025 79 1 XSS 2013-12-09 2018-03-12
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ematStaticAlertTypes.jsp in the Alert Settings section in Dell SonicWALL Global Management System (GMS), Analyzer, and UMA EM5000 7.1 SP1 before Hotfix 134235 allow remote authenticated users to inject arbitrary web script or HTML via the (1) valfield_1 or (2) value_1 parameter to createNewThreshold.jsp.
3156 CVE-2013-6964 264 Bypass 2013-12-14 2017-11-28
3.5
None Remote Medium Single system None Partial None
Cisco WebEx Meeting Center allows remote authenticated users to bypass access control and inject content from a different WebEx site via unspecified vectors, aka Bug ID CSCul36197.
3157 CVE-2013-6915 79 XSS 2013-12-05 2013-12-31
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3158 CVE-2013-6914 79 XSS 2013-12-05 2013-12-31
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3159 CVE-2013-6913 79 XSS 2013-12-05 2013-12-13
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in a search component in Cybozu Garoon before 3.7.2, when Internet Explorer is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3160 CVE-2013-6912 79 XSS 2013-12-05 2013-12-13
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3161 CVE-2013-6911 79 XSS 2013-12-05 2013-12-13
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the bulletin-board component in Cybozu Garoon before 3.7.2, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3162 CVE-2013-6892 200 +Info 2015-01-21 2016-08-26
3.5
None Remote Medium Single system Partial None None
WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.
3163 CVE-2013-6745 79 XSS 2013-12-22 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form.
3164 CVE-2013-6743 79 XSS 2014-02-14 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving an IMG element.
3165 CVE-2013-6741 200 +Info 2014-05-26 2017-08-28
3.5
None Remote Medium Single system Partial None None
IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration Management Database (CCMDB) 7.x before 7.1.1.7 LAFIX.20140319-0837 allow remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error.
3166 CVE-2013-6734 264 +Info 2014-02-22 2017-08-28
3.5
None Remote Medium Single system Partial None None
IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container.
3167 CVE-2013-6729 79 XSS 2014-03-21 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM QuickFile 1.0.0.0 before iFix 4 and 1.1.0.1 before iFix 3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
3168 CVE-2013-6726 79 XSS 2014-05-07 2017-08-28
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3169 CVE-2013-6725 79 XSS 2014-01-16 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Administrative Console in IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before 8.0.0.8, and 8.5.x before 8.5.5.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a crafted URL.
3170 CVE-2013-6721 79 XSS 2013-12-17 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM WebSphere Service Registry and Repository (WSRR) 7.5.x before 7.5.0.4 and 8.x through 8.0.0.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving widgets.
3171 CVE-2013-6465 79 XSS 2017-12-19 2018-01-05
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.
3172 CVE-2013-6446 264 +Info 2017-03-23 2017-03-28
3.5
None Remote Medium Single system Partial None None
The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.
3173 CVE-2013-6374 79 XSS 2013-11-25 2016-07-15
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.5.1 for Jenkins allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3174 CVE-2013-6333 79 XSS 2014-03-05 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6301, and CVE-2013-6320.
3175 CVE-2013-6330 200 +Info 2014-01-16 2017-08-28
3.5
None Remote Medium Single system Partial None None
IBM WebSphere Application Server 7.x before 7.0.0.31, when simpleFileServlet static file caching is enabled, allows remote authenticated users to obtain sensitive information via unspecified vectors.
3176 CVE-2013-6323 79 XSS 2014-05-01 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtual Enterprise 7.x before 7.0.0.5, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
3177 CVE-2013-6322 79 XSS 2013-11-27 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Sterling Order Management in IBM Sterling Selling and Fulfillment Suite 8.0 before HF128 and 8.5 before HF93 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3178 CVE-2013-6320 79 XSS 2014-03-05 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6301, and CVE-2013-6333.
3179 CVE-2013-6314 79 XSS 2014-03-06 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and Enterprise Records 5.1.1 before 5.1.1.1-IER-IF003 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3180 CVE-2013-6310 79 XSS 2014-06-27 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3181 CVE-2013-6307 79 XSS 2013-11-29 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3182 CVE-2013-6301 79 XSS 2014-03-05 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6300, CVE-2013-6320, and CVE-2013-6333.
3183 CVE-2013-6300 79 XSS 2014-03-05 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6299, CVE-2013-6301, CVE-2013-6320, and CVE-2013-6333.
3184 CVE-2013-6299 79 XSS 2014-03-05 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-6300, CVE-2013-6301, CVE-2013-6320, and CVE-2013-6333.
3185 CVE-2013-6237 200 +Info 2013-12-10 2017-08-28
3.5
None Remote Medium Single system Partial None None
The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session.
3186 CVE-2013-6232 79 1 XSS 2014-03-09 2018-10-09
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page.
3187 CVE-2013-6219 Bypass 2014-04-19 2014-04-21
3.8
None Local High Single system None Complete None
Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
3188 CVE-2013-6196 79 XSS 2013-12-21 2017-08-28
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
3189 CVE-2013-6177 22 Dir. Trav. 2013-11-20 2015-07-22
3.5
None Remote Medium Single system Partial None None
Directory traversal vulnerability in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allows remote authenticated users to read arbitrary files by leveraging xDashboard access.
3190 CVE-2013-6124 59 2014-08-31 2014-09-02
3.3
None Local Medium Not required None Partial Partial
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.
3191 CVE-2013-6033 79 XSS 2014-02-04 2014-02-04
3.5
None Remote Medium Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 through LS.HA.P252, T64x before LS.ST.P344, C935dn through LC.JO.P091, C920 through LS.TA.P152, C53x through LS.SW.P069, C52x through LS.FA.P150, E450 through LM.SZ.P124, E350 through LE.PH.P129, and E250 through LE.PM.P126 printers allow remote authenticated users to inject arbitrary web script or HTML by using (1) SNMP or (2) the Embedded Web Server (EWS) to set the (a) Contact or (b) Location field.
3192 CVE-2013-6003 20 2013-12-05 2014-01-03
3.5
None Remote Medium Single system None Partial None
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vectors.
3193 CVE-2013-5892 2014-01-15 2017-08-28
3.5
None Local High Single system Partial Partial Partial
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
3194 CVE-2013-5883 2014-01-15 2017-08-28
3.2
None Local Low Single system None Partial Partial
Unspecified vulnerability in Oracle Solaris 8 allows local users to affect integrity and availability via unknown vectors related to Kernel.
3195 CVE-2013-5871 2014-01-15 2014-02-06
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5868 and CVE-2014-0444.
3196 CVE-2013-5868 2014-01-15 2014-02-06
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical Professional component in Oracle Supply Chain Products Suite 20.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web General, a different vulnerability than CVE-2013-5871 and CVE-2014-0444.
3197 CVE-2013-5857 2013-10-16 2013-10-30
3.6
None Remote High Single system Partial Partial None
Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, and 5.0 SP1a-b allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web.
3198 CVE-2013-5856 2013-10-16 2013-10-30
3.6
None Remote High Single system Partial Partial None
Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.5 SP0, 5.5 SP0b, 5.5.1, and 6.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web.
3199 CVE-2013-5811 2013-10-16 2013-10-17
3.5
None Remote Medium Single system Partial None None
Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, and 5.0 SP1a-b allows remote authenticated users to affect confidentiality via unknown vectors related to Web.
3200 CVE-2013-5797 2013-10-16 2018-01-04
3.5
None Remote Medium Single system None Partial None
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc.
Total number of vulnerabilities: 4305. Page 64 of 87.