|
287601
|
- |
|
steven_jones
|
context
|
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4445
|
2024-11-21 10:55 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287602
|
- |
|
apache
|
roller
|
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated b…
|
CWE-94
Code Injection
|
CVE-2013-4212
|
2024-11-21 10:55 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287603
|
- |
|
apache
|
roller
|
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RS…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4171
|
2024-11-21 10:55 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287604
|
- |
|
i18n_project
|
i18n
|
Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationDa…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4492
|
2024-11-21 10:55 |
2013-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287605
|
- |
|
rubyonrails
|
rails
ruby_on_rails
|
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/translation_helper.rb in the internationalization component in Ruby on Rails 3.x before 3.2.16 and 4.x before 4.0.2 allo…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4491
|
2024-11-21 10:55 |
2013-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287606
|
- |
|
jahia
|
jahia_xcm
|
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.js…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4624
|
2024-11-21 10:55 |
2013-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287607
|
- |
|
jahia
|
jahia_xcm
|
Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via …
|
CWE-200
Information Exposure
|
CVE-2013-4617
|
2024-11-21 10:55 |
2013-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287608
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authe…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4525
|
2024-11-21 10:55 |
2013-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287609
|
- |
|
moodle
|
moodle
|
Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read …
|
CWE-22
Path Traversal
|
CVE-2013-4524
|
2024-11-21 10:55 |
2013-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287610
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbit…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4523
|
2024-11-21 10:55 |
2013-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
