Vulnerabilities > Microsoft > Internet Explorer > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-12-05 | CVE-2013-6906 | Cross-Site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2013-11-13 | CVE-2013-3909 | Information Exposure vulnerability in Microsoft Internet Explorer 6/7/8 Microsoft Internet Explorer 6 through 8 allows remote attackers to read content from a different (1) domain or (2) zone via crafted characters in Cascading Style Sheets (CSS) token sequences, aka "Internet Explorer Information Disclosure Vulnerability." | 4.3 |
| 2013-11-13 | CVE-2013-3908 | Information Exposure vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 10 allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information from any visited document via a crafted web page that is not properly handled during a print-preview action, aka "Internet Explorer Information Disclosure Vulnerability." | 4.3 |
| 2013-08-14 | CVE-2013-3192 | Cross-Site Scripting vulnerability in Microsoft Internet Explorer Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding, aka "EUC-JP Character Encoding Vulnerability." | 4.3 |
| 2013-07-26 | CVE-2013-4015 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 10 allows local users to bypass the elevation policy check in the (1) Protected Mode or (2) Enhanced Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code. | 6.9 |
| 2013-07-10 | CVE-2013-3166 | Cross-Site Scripting vulnerability in Microsoft Internet Explorer Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to inject arbitrary web script or HTML via vectors involving incorrect auto-selection of the Shift JIS encoding, leading to cross-domain scrolling events, aka "Shift JIS Character Encoding Vulnerability," a different vulnerability than CVE-2013-0015. | 4.3 |
| 2013-06-28 | CVE-2013-3649 | Cross-Site Scripting vulnerability in Kent-Web Clip-Mail 3.3 Cross-site scripting (XSS) vulnerability in KENT-WEB CLIP-MAIL before 3.4, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. | 4.3 |
| 2013-06-28 | CVE-2013-3648 | Cross-Site Scripting vulnerability in Kent-Web Post-Mail 6.62 Cross-site scripting (XSS) vulnerability in KENT-WEB POST-MAIL before 6.7, when Internet Explorer 7 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an unspecified form field. | 4.3 |
| 2013-05-15 | CVE-2013-1297 | Information Exposure vulnerability in Microsoft Internet Explorer 6/7/8 Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability." | 4.3 |
| 2013-04-17 | CVE-2013-2408 | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology and use of Internet Explorer 6. | 4.3 |