Skip to main content
CVE-2013-2248 MEDIUM POC PATCH THREAT This Month

Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through 2.3.15 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a parameter. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 92.0%.

Apache Open Redirect Struts
NVD Exploit-DB
CVSS 2.0
5.8
EPSS
92.0%
Threat
5.4
CVE-2013-4871 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Tq Seo
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-2070 MEDIUM PATCH This Month

http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and 1.3.0 through 1.4.0, when proxy_pass is used with untrusted HTTP servers, allows remote attackers to cause a denial of service. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable.

Denial Of Service Nginx Debian Linux
NVD
CVSS 2.0
5.8
EPSS
4.6%
CVE-2013-3656 MEDIUM This Month

Cybozu Office 9.1.0 and earlier does not properly manage sessions, which allows remote attackers to bypass authentication by leveraging knowledge of a login URL. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Authentication Bypass Cybozu Office
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-1879 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ActiveMQ 5.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving the "cron of a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Apache XSS Activemq
NVD
CVSS 2.0
4.3
EPSS
5.5%
CVE-2013-1955 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php and (2) datePicker.php in Easy PHP Calendar 6.x and 7.x before 7.0.13 allow remote attackers to inject arbitrary web script or. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Easy Php Calendar
NVD
CVSS 2.0
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy