CVE List by Type: XSS (Filtered by Published Year)

Explore CVEs related to XSS vulnerabilities, filtered by published year. This list is sorted by most recent disclosures first and supports filtering by CVSS and EPSS risk scores.

Includes the most recent vulnerability disclosures and trends, helping security teams quickly identify high-risk issues and exploitation likelihood.

You're viewing XSS CVEs published in 2013. View full CVE list

EPSS Score
≥ 1% ≥ 5% ≥ 10% ≥ 30% ≥ 50%
CVSS score
≥ 6 ≥ 7 ≥ 8 ≥ 9
More
Showing 120 of 617 results
«« First « Prev Page 1 / 31 Next »
CVE Description Max CVSS EPSS % Published Updated
CVE-2013-3572 Cross-site scripting (XSS) vulnerability in the administer interface in the UniFi Controller in Ubiquiti Networks UniFi 2.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted client hostname. 6.1 1.65% 2013-12-31 2026-06-16
CVE-2013-6459 Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links. 4.3 2.21% 2013-12-31 2026-06-16
CVE-2013-5573 Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration. 4.3 5.41% 2013-12-31 2026-06-16
CVE-2013-7241 Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via the URI. 4.3 2.04% 2013-12-31 2026-06-16
CVE-2013-7231 Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222. 3.5 1.08% 2013-12-29 2026-06-16
CVE-2013-5222 Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. 3.5 1.08% 2013-12-29 2026-06-16
CVE-2013-5218 Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not properly handled during rendering of the DHCP table in wlanAccess.asp. 2.9 3.76% 2013-12-29 2026-06-16
CVE-2013-5210 Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 4.3 1.40% 2013-12-29 2026-06-16
CVE-2013-6198 Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier and Windows Client 9.20 and 9.21 before 9.21.661 p8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. 4.3 2.64% 2013-12-28 2026-06-16
CVE-2013-5583 Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. 4.3 1.48% 2013-12-28 2026-06-16
CVE-2013-2504 Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML via the query string. 4.3 3.04% 2013-12-28 2026-06-16
CVE-2013-6808 Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php. 4.3 1.46% 2013-12-27 2026-06-16
CVE-2013-1096 Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via a taskDetail taskId. 4.3 2.00% 2013-12-27 2026-06-16
CVE-2013-6388 Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS. 4.3 1.83% 2013-12-24 2026-06-16
CVE-2013-6387 Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the description field. 2.1 1.44% 2013-12-24 2026-06-16
CVE-2013-4424 Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. 4.3 0.98% 2013-12-23 2026-06-16
CVE-2013-4414 Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field in the "Set limit" form. 4.3 1.80% 2013-12-23 2026-06-16
CVE-2013-6745 Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form. 3.5 0.95% 2013-12-22 2026-06-16
CVE-2013-6328 Cross-site scripting (XSS) vulnerability in the Web Content Manager (WCM) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x before 8.0.0.1 CF09 allows remote attackers to inject arbitrary web script or HTML via vectors involving IFRAME elements. 4.3 1.16% 2013-12-22 2026-06-16
CVE-2013-5421 Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote attackers to inject arbitrary web script or HTML via crafted input to an unspecified dynamic web form. 4.3 0.93% 2013-12-22 2026-06-16
«« First « Prev Page 1 / 31 Next »
cvelogic Threat Intelligence