Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2013-4556

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-15 Nov, 2013 | 18:16
Updated At-06 Aug, 2024 | 16:45
Rejected At-
Credits

Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:15 Nov, 2013 | 18:16
Updated At:06 Aug, 2024 | 16:45
Rejected At:
â–¼CVE Numbering Authority (CNA)

Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.debian.org/security/2013/dsa-2794
vendor-advisory
x_refsource_DEBIAN
http://core.spip.org/projects/spip/repository/revisions/20880
x_refsource_CONFIRM
http://www.spip.net/fr_article5646.html
x_refsource_CONFIRM
http://www.securitytracker.com/id/1029317
vdb-entry
x_refsource_SECTRACK
http://www.openwall.com/lists/oss-security/2013/11/10/4
mailing-list
x_refsource_MLIST
http://secunia.com/advisories/55551
third-party-advisory
x_refsource_SECUNIA
http://www.spip.net/fr_article5648.html
x_refsource_CONFIRM
http://core.spip.org/projects/spip/repository/revisions/20879
x_refsource_CONFIRM
Hyperlink: https://www.debian.org/security/2013/dsa-2794
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://core.spip.org/projects/spip/repository/revisions/20880
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.spip.net/fr_article5646.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id/1029317
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.openwall.com/lists/oss-security/2013/11/10/4
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://secunia.com/advisories/55551
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.spip.net/fr_article5648.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://core.spip.org/projects/spip/repository/revisions/20879
Resource:
x_refsource_CONFIRM
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.debian.org/security/2013/dsa-2794
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://core.spip.org/projects/spip/repository/revisions/20880
x_refsource_CONFIRM
x_transferred
http://www.spip.net/fr_article5646.html
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id/1029317
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.openwall.com/lists/oss-security/2013/11/10/4
mailing-list
x_refsource_MLIST
x_transferred
http://secunia.com/advisories/55551
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.spip.net/fr_article5648.html
x_refsource_CONFIRM
x_transferred
http://core.spip.org/projects/spip/repository/revisions/20879
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.debian.org/security/2013/dsa-2794
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://core.spip.org/projects/spip/repository/revisions/20880
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.spip.net/fr_article5646.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id/1029317
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.openwall.com/lists/oss-security/2013/11/10/4
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://secunia.com/advisories/55551
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.spip.net/fr_article5648.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://core.spip.org/projects/spip/repository/revisions/20879
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:18 Nov, 2013 | 02:55
Updated At:11 Apr, 2025 | 00:51

Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script or HTML via the url_site parameter.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
spip
spip
>>spip>>Versions up to 2.1.23(inclusive)
cpe:2.3:a:spip:spip:*:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.0
cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.1
cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.2
cpe:2.3:a:spip:spip:2.0.2:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.3
cpe:2.3:a:spip:spip:2.0.3:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.4
cpe:2.3:a:spip:spip:2.0.4:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.5
cpe:2.3:a:spip:spip:2.0.5:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.6
cpe:2.3:a:spip:spip:2.0.6:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.7
cpe:2.3:a:spip:spip:2.0.7:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.8
cpe:2.3:a:spip:spip:2.0.8:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.9
cpe:2.3:a:spip:spip:2.0.9:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.10
cpe:2.3:a:spip:spip:2.0.10:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.11
cpe:2.3:a:spip:spip:2.0.11:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.12
cpe:2.3:a:spip:spip:2.0.12:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.13
cpe:2.3:a:spip:spip:2.0.13:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.14
cpe:2.3:a:spip:spip:2.0.14:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.15
cpe:2.3:a:spip:spip:2.0.15:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.16
cpe:2.3:a:spip:spip:2.0.16:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.17
cpe:2.3:a:spip:spip:2.0.17:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.18
cpe:2.3:a:spip:spip:2.0.18:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.19
cpe:2.3:a:spip:spip:2.0.19:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.20
cpe:2.3:a:spip:spip:2.0.20:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.21
cpe:2.3:a:spip:spip:2.0.21:*:*:*:*:*:*:*
spip
spip
>>spip>>2.0.22
cpe:2.3:a:spip:spip:2.0.22:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.1
cpe:2.3:a:spip:spip:2.1.1:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.2
cpe:2.3:a:spip:spip:2.1.2:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.3
cpe:2.3:a:spip:spip:2.1.3:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.4
cpe:2.3:a:spip:spip:2.1.4:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.5
cpe:2.3:a:spip:spip:2.1.5:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.6
cpe:2.3:a:spip:spip:2.1.6:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.7
cpe:2.3:a:spip:spip:2.1.7:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.8
cpe:2.3:a:spip:spip:2.1.8:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.9
cpe:2.3:a:spip:spip:2.1.9:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.10
cpe:2.3:a:spip:spip:2.1.10:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.11
cpe:2.3:a:spip:spip:2.1.11:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.12
cpe:2.3:a:spip:spip:2.1.12:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.13
cpe:2.3:a:spip:spip:2.1.13:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.14
cpe:2.3:a:spip:spip:2.1.14:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.15
cpe:2.3:a:spip:spip:2.1.15:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.16
cpe:2.3:a:spip:spip:2.1.16:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.17
cpe:2.3:a:spip:spip:2.1.17:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.18
cpe:2.3:a:spip:spip:2.1.18:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.19
cpe:2.3:a:spip:spip:2.1.19:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.20
cpe:2.3:a:spip:spip:2.1.20:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.21
cpe:2.3:a:spip:spip:2.1.21:*:*:*:*:*:*:*
spip
spip
>>spip>>2.1.22
cpe:2.3:a:spip:spip:2.1.22:*:*:*:*:*:*:*
spip
spip
>>spip>>3.0.0
cpe:2.3:a:spip:spip:3.0.0:*:*:*:*:*:*:*
spip
spip
>>spip>>3.0.1
cpe:2.3:a:spip:spip:3.0.1:*:*:*:*:*:*:*
spip
spip
>>spip>>3.0.2
cpe:2.3:a:spip:spip:3.0.2:*:*:*:*:*:*:*
spip
spip
>>spip>>3.0.3
cpe:2.3:a:spip:spip:3.0.3:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://core.spip.org/projects/spip/repository/revisions/20879secalert@redhat.com
Patch
http://core.spip.org/projects/spip/repository/revisions/20880secalert@redhat.com
N/A
http://secunia.com/advisories/55551secalert@redhat.com
Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/11/10/4secalert@redhat.com
N/A
http://www.securitytracker.com/id/1029317secalert@redhat.com
N/A
http://www.spip.net/fr_article5646.htmlsecalert@redhat.com
N/A
http://www.spip.net/fr_article5648.htmlsecalert@redhat.com
N/A
https://www.debian.org/security/2013/dsa-2794secalert@redhat.com
N/A
http://core.spip.org/projects/spip/repository/revisions/20879af854a3a-2127-422b-91ae-364da2661108
Patch
http://core.spip.org/projects/spip/repository/revisions/20880af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/55551af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.openwall.com/lists/oss-security/2013/11/10/4af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id/1029317af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.spip.net/fr_article5646.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.spip.net/fr_article5648.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
https://www.debian.org/security/2013/dsa-2794af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://core.spip.org/projects/spip/repository/revisions/20879
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://core.spip.org/projects/spip/repository/revisions/20880
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/55551
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2013/11/10/4
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1029317
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.spip.net/fr_article5646.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.spip.net/fr_article5648.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://www.debian.org/security/2013/dsa-2794
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://core.spip.org/projects/spip/repository/revisions/20879
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://core.spip.org/projects/spip/repository/revisions/20880
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/55551
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.openwall.com/lists/oss-security/2013/11/10/4
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id/1029317
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.spip.net/fr_article5646.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.spip.net/fr_article5648.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.debian.org/security/2013/dsa-2794
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

12249Records found
CVE-2012-2151
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.56% / 67.66%
||
7 Day CHG~0.00%
Published-14 Aug, 2012 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x before 1.9.2.o, 2.0.x before 2.0.18, and 2.1.x before 2.1.13 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-spipn/a
Product-spipn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-15736
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 44.40%
||
7 Day CHG~0.00%
Published-21 Oct, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 allows remote attackers to inject arbitrary web script or HTML via a crafted string, as demonstrated by a PGP field, related to prive/objets/contenu/auteur.html and ecrire/inc/texte_mini.php.

Action-Not Available
Vendor-spipn/a
Product-spipn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-7981
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-37.00% / 97.05%
||
7 Day CHG~0.00%
Published-18 Jan, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.

Action-Not Available
Vendor-spipn/a
Product-spipn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-16392
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.65% / 70.20%
||
7 Day CHG-0.21%
Published-17 Sep, 2019 | 20:48
Updated-05 Aug, 2024 | 01:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SPIP before 3.1.11 and 3.2 before 3.2.5 allows prive/formulaires/login.php XSS via error messages.

Action-Not Available
Vendor-spipn/aCanonical Ltd.Debian GNU/Linux
Product-ubuntu_linuxdebian_linuxspipn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-9152
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 48.21%
||
7 Day CHG~0.00%
Published-05 Dec, 2016 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter.

Action-Not Available
Vendor-spipn/a
Product-spipn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-9998
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 52.11%
||
7 Day CHG~0.00%
Published-17 Dec, 2016 | 03:34
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL.

Action-Not Available
Vendor-spipn/a
Product-spipn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-9997
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 52.11%
||
7 Day CHG~0.00%
Published-17 Dec, 2016 | 03:34
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL.

Action-Not Available
Vendor-spipn/a
Product-spipn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-7303
Matching Score-10
Assigner-Debian GNU/Linux
ShareView Details
Matching Score-10
Assigner-Debian GNU/Linux
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 61.75%
||
7 Day CHG~0.00%
Published-30 Jan, 2014 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote attackers to inject arbitrary web script or HTML via the author name field.

Action-Not Available
Vendor-spipn/a
Product-spipn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-28959
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.01% / 76.67%
||
7 Day CHG~0.00%
Published-19 May, 2022 | 20:26
Updated-03 Aug, 2024 | 06:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.

Action-Not Available
Vendor-spipn/a
Product-spipn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-7999
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.75% / 72.68%
||
7 Day CHG~0.00%
Published-18 Jan, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.

Action-Not Available
Vendor-spipn/a
Product-spipn/a
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2006-1295
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.43% / 61.86%
||
7 Day CHG~0.00%
Published-19 Mar, 2006 | 23:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP 1.8.2-g allows remote attackers to inject arbitrary web script or HTML via the recherche parameter.

Action-Not Available
Vendor-spipn/a
Product-spipn/a
CVE-2006-0518
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-8.06% / 91.94%
||
7 Day CHG~0.00%
Published-02 Feb, 2006 | 11:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

Action-Not Available
Vendor-spipn/a
Product-spipn/a
CVE-2021-44120
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.37% / 58.01%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 11:26
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author's information, the malicious code will be executed. The "Who are you" and "Website Name" fields are vulnerable.

Action-Not Available
Vendor-spipn/a
Product-spipn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-44118
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.10% / 28.56%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 11:07
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS).

Action-Not Available
Vendor-spipn/a
Product-spipn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-53620
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.08% / 23.89%
||
7 Day CHG~0.00%
Published-26 Nov, 2024 | 00:00
Updated-03 Jul, 2025 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter.

Action-Not Available
Vendor-spipn/aspip
Product-spipn/aspip
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-23659
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.88% / 74.91%
||
7 Day CHG~0.00%
Published-19 Jan, 2024 | 00:00
Updated-02 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.

Action-Not Available
Vendor-spipn/a
Product-spipn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-52322
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.12% / 31.06%
||
7 Day CHG~0.00%
Published-04 Jan, 2024 | 00:00
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics.

Action-Not Available
Vendor-spipn/a
Product-spipn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-53900
Matching Score-6
Assigner-VulnCheck
ShareView Details
Matching Score-6
Assigner-VulnCheck
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 10.69%
||
7 Day CHG~0.00%
Published-16 Dec, 2025 | 17:06
Updated-31 Dec, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spip 4.1.10 Admin Account Spoofing via Malicious SVG Upload

Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering.

Action-Not Available
Vendor-spipspip
Product-spipspip
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4950
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-3.73% / 87.72%
||
7 Day CHG~0.00%
Published-29 Jul, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.

Action-Not Available
Vendor-machformn/a
Product-machformn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-31738
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.34% / 56.57%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 10:50
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS.

Action-Not Available
Vendor-adisconn/a
Product-loganalyzern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4833
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.62% / 69.66%
||
7 Day CHG~0.00%
Published-16 Oct, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 through 9.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-service_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4845
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.62% / 69.66%
||
7 Day CHG~0.00%
Published-14 Dec, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka A909) All-in-One printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aHP Inc.
Product-officejet_pro_8500_firmwareofficejet_pro_8500n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-11473
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.09% / 77.51%
||
7 Day CHG~0.00%
Published-25 May, 2018 | 19:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration).

Action-Not Available
Vendor-monstran/a
Product-monstran/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-0063
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.41% / 60.74%
||
7 Day CHG~0.00%
Published-05 Jan, 2006 | 19:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ' (single quote) characters and active attributes such as onmouseover, a variant of CVE-2005-4357.

Action-Not Available
Vendor-phpbb_groupn/a
Product-phpbbn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5095
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.26% / 49.34%
||
7 Day CHG~0.00%
Published-16 Aug, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka PR 884469.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.
Product-junos_space_virtual_appliancejunos_spacejunos_space_ja1500_appliancen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-11027
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 44.72%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 20:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML.

Action-Not Available
Vendor-ruckussecurityn/a
Product-icx7450-48icx7450-48_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-29239
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.11% / 30.06%
||
7 Day CHG~0.00%
Published-02 Dec, 2020 | 16:37
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload.

Action-Not Available
Vendor-n/ajanobe
Product-online_voting_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46387
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-28.49% / 96.41%
||
7 Day CHG~0.00%
Published-01 Mar, 2022 | 14:04
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking.

Action-Not Available
Vendor-n/aZyxel Networks Corporation
Product-zywall_2_plus_internet_security_appliance_firmwarezywall_2_plus_internet_security_appliancen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-11689
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.56% / 67.62%
||
7 Day CHG~0.00%
Published-14 Jun, 2018 | 20:00
Updated-05 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)

Action-Not Available
Vendor-hanwha-securityn/aSamsung
Product-smartviewerhrd-842hrd-440_firmwarehrd-1642hrd-440hrd-842_firmwaresrd-1694uhrd-841hrd-442hrd-1641_firmwarehrd-841_firmwaresrd-1694u_firmwarehrd-840_firmwarehrd-442_firmwarehrd-1642_firmwarehrd-840hrd-443hrd-443_firmwarehrd-1641n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-29053
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 46.97%
||
7 Day CHG~0.00%
Published-24 Nov, 2020 | 19:59
Updated-04 Aug, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.

Action-Not Available
Vendor-hrsalen/a
Product-hrsalen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-11532
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.76% / 73.01%
||
7 Day CHG~0.00%
Published-29 May, 2018 | 07:00
Updated-05 Aug, 2024 | 08:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field.

Action-Not Available
Vendor-changuondyu_advanced_statistics_projectn/a
Product-changuondyu_advanced_statisticsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4653
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.52% / 66.13%
||
7 Day CHG~0.00%
Published-20 Aug, 2013 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the signin functionality of ics in MyTeamwork services in Alcatel-Lucent Omnitouch 8660 My Teamwork before 6.7, Omnitouch 8670 Automated Message Delivery System (AMDS) before 6.7, Omnitouch 8460 Advanced Communication Server before 9.1, and OmniTouch 8400 Instant Communications Suite before 6.7.3 (1) allow remote attackers to inject arbitrary web script or HTML via a crafted URL that results in a reflected XSS or (2) allow user-assisted remote attackers to inject arbitrary web script or HTML via a user's personal bookmark entry that results in a stored XSS via unspecified vectors.

Action-Not Available
Vendor-n/aAlcatel-Lucent Enterprise (ALE International)
Product-omnitouch_8660_my_teamworkomnitouch_8460_advanced_communication_serveromnitouch_8670_automated_delivery_message_delivery_systemomnitouch_8400_instant_communications_suiten/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-16210
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 55.27%
||
7 Day CHG~0.00%
Published-12 Oct, 2018 | 20:00
Updated-13 Jun, 2025 | 17:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WAGO 750-88X and WAGO 750-89X Ethernet Controller devices, versions 01.09.18(13) and before, have XSS in the SNMP configuration via the webserv/cplcfg/snmp.ssi SNMP_DESC or SNMP_LOC_SNMP_CONT field.

Action-Not Available
Vendor-wagon/a
Product-750-352_firmware750-889750-881_firmware750-363750-823_firmware750-889_firmware750-852750-891_firmware750-890750-862750-880_firmware750-352750-881wago_750-881_ethernet_controller_devices750-832_firmware750-831750-890_firmwarewago_750-881_ethernet_controller_devices_firmware750-862_firmware750-852_firmware750-880750-831_firmware750-832750-362_firmware750-891750-362750-823750-363_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4705
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.25% / 48.45%
||
7 Day CHG~0.00%
Published-13 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows remote attackers to inject arbitrary web script or HTML by leveraging UTF-8 encoding.

Action-Not Available
Vendor-n/aOpera
Product-opera_browsern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4670
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.3||MEDIUM
EPSS-1.01% / 76.74%
||
7 Day CHG~0.00%
Published-31 Jul, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gateway_appliance_8490web_gateway_appliance_8450web_gatewayn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4968
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 55.11%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 17:50
Updated-06 Aug, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management."

Action-Not Available
Vendor-n/aPerforce Software, Inc. ("Puppet")
Product-puppet_enterprisen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-15581
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.22% / 44.72%
||
7 Day CHG~0.00%
Published-26 Apr, 2019 | 19:01
Updated-19 Sep, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-Site Scripting (XSS) vulnerability in adm/faqmasterformupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML.

Action-Not Available
Vendor-sirn/a
Product-gnuboardn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-11568
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.29% / 51.79%
||
7 Day CHG+0.11%
Published-30 May, 2018 | 22:00
Updated-16 Sep, 2024 | 22:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and '>' characters have &lt; and &gt; representations.

Action-Not Available
Vendor-cactusthemesn/a
Product-gameplan-event_and_gym_fitnessn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2005-4878
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.33% / 55.39%
||
7 Day CHG~0.00%
Published-18 Feb, 2009 | 20:00
Updated-08 Aug, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to inject arbitrary web script or HTML via the sig[1] parameter and possibly other parameters, a different vulnerability than CVE-2007-6156.

Action-Not Available
Vendor-secureideasacidn/a
Product-analysis_console_for_intrusion_databasesbasic_analysis_and_security_enginen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-15973
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-6.1||MEDIUM
EPSS-1.01% / 76.70%
||
7 Day CHG~0.00%
Published-17 Oct, 2018 | 18:00
Updated-05 Aug, 2024 | 10:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure.

Action-Not Available
Vendor-Adobe Inc.
Product-experience_managerAdobe Experience Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4047
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 46.20%
||
7 Day CHG~0.00%
Published-16 Sep, 2013 | 16:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote attackers to inject arbitrary web script or HTML via a crafted link.

Action-Not Available
Vendor-n/aIBM Corporation
Product-spss_analytical_decision_managementn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2005-4877
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.99%
||
7 Day CHG~0.00%
Published-14 Aug, 2008 | 22:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2 allows remote attackers to inject arbitrary web script or HTML via Javascript events in the username parameter, a different vulnerability than CVE-2005-4876.

Action-Not Available
Vendor-ignite_realtimen/a
Product-openfiren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4703
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 52.60%
||
7 Day CHG~0.00%
Published-10 Sep, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the top-page customization feature in Cybozu Office before 9.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-officen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-11562
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 46.97%
||
7 Day CHG~0.00%
Published-30 May, 2018 | 20:00
Updated-16 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the deleted attributes quick filter.

Action-Not Available
Vendor-mispn/a
Product-mispn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4174
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.55% / 67.29%
||
7 Day CHG~0.00%
Published-19 Aug, 2013 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Scald module 7.x-1.x before 7.x-1.1 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) flash_uri, (2) flash_width, or (3) flash_height in the scald_flash_scald_prerender function in providers/scald_flash/scald_flash.module; or the (4) caption in the scald_image_scald_prerender function in providers/scald_image/scald_image.module.

Action-Not Available
Vendor-owsn/aThe Drupal Association
Product-drupalscaldn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-16406
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 50.26%
||
7 Day CHG~0.00%
Published-03 Sep, 2018 | 19:00
Updated-05 Aug, 2024 | 10:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Mayan EDMS before 3.0.2. The Cabinets app has XSS via a crafted cabinet label.

Action-Not Available
Vendor-mayan-edmsn/a
Product-mayan_edmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-16254
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 55.27%
||
7 Day CHG~0.00%
Published-12 Apr, 2019 | 17:57
Updated-05 Aug, 2024 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator

Action-Not Available
Vendor-n/aSoflyy
Product-wp_all_importn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-3990
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 49.80%
||
7 Day CHG~0.00%
Published-09 Aug, 2013 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN98FLQ2.

Action-Not Available
Vendor-n/aIBM Corporation
Product-lotus_dominon/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4940
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.34% / 56.55%
||
7 Day CHG~0.00%
Published-26 Jul, 2013 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression.

Action-Not Available
Vendor-n/aMoodle Pty LtdYahoo Inc.
Product-yuimoodlen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46781
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 43.32%
||
7 Day CHG~0.00%
Published-25 Apr, 2022 | 15:50
Updated-04 Aug, 2024 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coming Soon by Supsystic < 1.7.6 - Reflected Cross-Site Scripting

The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting

Action-Not Available
Vendor-subsysticUnknown
Product-coming_soonComing Soon by Supsystic
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 244
  • 245
  • Next
Details not found