Skip to main content
CVE-2013-2576 MEDIUM POC THREAT This Month

Buffer overflow in Artweaver before 3.1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AWD file. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 44.8%.

Buffer Overflow Denial Of Service RCE Artweaver
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
44.8%
Threat
4.2
CVE-2013-3253 MEDIUM POC This Month

Cross-site request forgery (CSRF) vulnerability in admin/setting.php in the Xhanch - My Twitter plugin before 2.7.7 for WordPress allows remote attackers to hijack the authentication of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

CSRF PHP WordPress My Twitter
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2013-4759 MEDIUM POC THREAT This Month

Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 10.3%.

XSS Magnolia Form Module
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
10.3%
CVE-2013-4625 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Duplicator
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
6.2%
CVE-2013-4620 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Openemr
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
1.4%
CVE-2013-3262 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the p. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress PHP XSS Download Monitor
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4600 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms before 8.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

XSS Opencms
NVD GitHub
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-2796 MEDIUM PATCH This Month

Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and earlier, and PowerLogic SCADA 7.20 and earlier allow remote attackers to read arbitrary files, send HTTP requests to intranet. Rated medium severity (CVSS 6.9).

Privilege Escalation Denial Of Service Schneider Electric XXE Citectscada +2
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-4619 MEDIUM PATCH This Month

Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Openemr
NVD
CVSS 2.0
6.5
EPSS
0.0%
CVE-2013-0494 MEDIUM This Month

IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted HTTP (1) Range or (2) Request-Range header. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Sterling B2b Integrator
NVD
CVSS 2.0
5.0
EPSS
1.8%
CVE-2013-2798 MEDIUM This Month

Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Sel 2241 Sel 3505 Sel 3530 Sel 3530 4
NVD
CVSS 2.0
4.7
EPSS
0.1%
CVE-2013-5100 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Static Methods since 2007 (div2007) extension before 0.10.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

XSS Static Methods
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-2117 MEDIUM This Month

Directory traversal vulnerability in the cgit_parse_readme function in ui-summary.c in cgit before 0.9.2, when a readme file is set to a filesystem path, allows remote attackers to read arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Cgit
NVD
CVSS 2.0
4.3
EPSS
0.5%
CVE-2013-5098 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in admin/admin.php in the Download Monitor plugin before 3.3.6.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the sort. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

WordPress PHP XSS Download Monitor
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3990 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

IBM XSS Lotus Domino
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3032 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the MIME e-mail functionality in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

IBM XSS Lotus Domino
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2012-6458 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

PHP XSS Silverstripe
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4037 MEDIUM This Month

The RAKP protocol support in the Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) and Integrated Management Module II (IMM2) on IBM BladeCenter,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure IBM Bladecenter Flex System X220 Compute Node Flex System X240 Compute Node +27
NVD
CVSS 2.0
4.3
EPSS
0.2%
CVE-2013-4038 MEDIUM This Month

The Intelligent Platform Management Interface (IPMI) implementation in Integrated Management Module (IMM) on IBM BladeCenter, Flex System, System x iDataPlex, and System x3### servers uses cleartext. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Bladecenter Flex System X220 Compute Node Flex System X240 Compute Node +27
NVD
CVSS 2.0
4.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy