Latest CVE Feed
-
4.3
MEDIUMCVE-2013-3376
Open redirect vulnerability in the help page in Cisco Video Surveillance Operations Manager allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka Bug ID CSCty74490.... Read more
Affected Products : video_surveillance_operations_manager- Published: Jun. 14, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2013-3375
Cross-site scripting (XSS) vulnerability in the portal page in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCue23798.... Read more
- Published: Jun. 14, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2013-6733
Cross-site scripting (XSS) vulnerability in the Web Application in the Classic Meeting Server in IBM Sametime 7.5.1.2 through 8.5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more
- Published: Dec. 17, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2013-4298
The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF image.... Read more
Affected Products : imagemagick- Published: Sep. 10, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2013-1950
The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows remote attackers to cause a denial of service (rpcbind crash) via a Sun RPC request with crafted arguments that trigger a free of an invalid pointer.... Read more
- Published: Jul. 09, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2020-25685
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash... Read more
- Published: Jan. 20, 2021
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2013-4231
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF imag... Read more
Affected Products : libtiff- Published: Jan. 19, 2014
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2024-26196
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability... Read more
- Published: Mar. 21, 2024
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2014-2104
Multiple cross-site scripting (XSS) vulnerabilities in the Business Voice Services Manager (BVSM) page in Cisco Unified Communications Domain Manager 9.0(.1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug... Read more
Affected Products : unified_communications_domain_manager- Published: Mar. 02, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2011-1524
Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME e... Read more
Affected Products : liveupdate_administrator- Published: Mar. 28, 2011
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2022-36891
A missing permission check in Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier allows attackers with Item/Read permission but without Deploy Now/Deploy permission to read deployment logs.... Read more
Affected Products : deployer_framework- Published: Jul. 27, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2008-0415
Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and SeaMonkey before 1.1.8 allows remote attackers to execute script outside of the sandbox and conduct cross-site scripting (XSS) attacks via multiple vectors including the XMLDocument.load fu... Read more
- Published: Feb. 08, 2008
- Modified: Apr. 09, 2025
-
4.3
MEDIUM- Published: Feb. 23, 2024
- Modified: Nov. 29, 2024
-
4.3
MEDIUMCVE-2013-1967
Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to inject arbitrary web script or HTML via the file paramete... Read more
- Published: Feb. 05, 2014
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2013-1946
The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows remote attackers to cause a denial of service via a GET ... Read more
- Published: Apr. 06, 2014
- Modified: Apr. 12, 2025
-
4.3
MEDIUMCVE-2013-6858
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page.... Read more
- Published: Nov. 23, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2013-4228
The OG access fields (visibility fields) implementation in Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to private groups, which allows remote authenticated users to guess node IDs, subscribe to, and read ... Read more
Affected Products : organic_groups- Published: Feb. 18, 2020
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2013-3371
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an attachment.... Read more
- Published: Aug. 23, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2013-3372
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks via unspecified vectors.... Read more
- Published: Aug. 23, 2013
- Modified: Apr. 11, 2025
-
4.3
MEDIUMCVE-2013-6786
Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4.51, as used on the ZyXEL P660HW-D1, Huawei MT882, Sitecom WL-174, TP-LINK TD-8816, and D-Link DSL-2640R and DSL-2641R, when the "forbidden author header" protection mechanism is bypasse... Read more
- Published: Jan. 16, 2014
- Modified: Apr. 11, 2025