Every CVE whose affected-product data names Jahia Jahia Xcm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2013-4617 — CVSS 5.0 (medium): Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for…
CVE-2013-4624 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web…
CVE-2013-3920 — CVSS 3.5 (low): Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML…