===== Cross-Site Scripting (XSS) ===== * SSCHADV2013-001 - Websitebaker Add-on 'Concert Calendar 2.1.4' XSS & SQLi vulnerability * SSCHADV2013-002 - heise.de - Cross-site Scripting vulnerability * SSCHADV2013-004 - WordPress Plugin 'Feedweb 1.8.8' Cross-site Scripting vulnerability * SSCHADV2013-005 - WordPress Plugin 'Types 1.2.1.1' CSRF & Stored Cross-site scripting vulnerability * SSCHADV2013-006 - WordPress Plugin 'AJAX Comment Page 3.25' Cross-site scripting vulnerability * SSCHADV2013-007 - Ligatus Advertising - DOM Based Cross-site Scripting vulnerability * SSCHADV2013-008 - www.netcraft.com - Search Form Cross-site Scripting vulnerability * SSCHADV2013-009 - store.apple.com - DOM based Cross-site Scripting vulnerability * SSCHADV2013-010 - developer.mozilla.org - DOM based Cross-site Scripting vulnerability * SSCHADV2013-011 - pages.ebay.de - DOM based Cross-site Scripting vulnerability * SSCHADV2013-012 - ssl.bing.com - Cross-site Scripting vulnerability ===== Open Redirection ===== * SSCHADV2013-003 - Omniture web analytics (Adobe) - Open Redirection vulnerability