Total: 13741 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2997 | 1 Ibm | 1 Connections | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-3005, and CVE-2016-3010. | |||||
| CVE-2016-2995 | 1 Ibm | 1 Connections | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2997, CVE-2016-3005, and CVE-2016-3010. | |||||
| CVE-2016-2883 | 1 Ibm | 1 Tririga Application Platform | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0387. | |||||
| CVE-2016-2912 | 1 Ibm | 1 Rational Publishing Engine | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-3010 | 1 Ibm | 1 Connections | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-2997, and CVE-2016-3005. | |||||
| CVE-2016-3008 | 1 Ibm | 1 Connections | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-2956. | |||||
| CVE-2016-3005 | 1 Ibm | 1 Connections | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2995, CVE-2016-2997, and CVE-2016-3010. | |||||
| CVE-2016-2954 | 1 Ibm | 1 Connections | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2956 and CVE-2016-3008. | |||||
| CVE-2016-2956 | 1 Ibm | 1 Connections | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2954 and CVE-2016-3008. | |||||
| CVE-2016-3006 | 1 Ibm | 1 Connections | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003. | |||||
| CVE-2016-2986 | 1 Ibm | 5 Rational Doors Next Generation, Rational Engineering Lifecycle Manager, Rational Quality Manager and 2 more | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle Manager 6.x before 6.0.1 iFix6, and Rational Rhapsody Design Manager 6.x before 6.0.1 iFix6 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-2162 | 1 Apache | 1 Struts | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display. | |||||
| CVE-2016-1598 | 1 Novell | 2 Identity Manager, Identity Manager Identity Applications | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages. | |||||
| CVE-2016-1205 | 1 Shiro8 | 2 Category Freearea Addition, Itemdetail Freearea Addition | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_addition_plugin plugin 1.0 and (2) itemdetail_freearea_addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-1000148 | 1 S3-video Project | 1 S3-video | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin s3-video v0.983 | |||||
| CVE-2016-1000140 | 1 New-year-firework Project | 1 New-year-firework | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin new-year-firework v1.1.9 | |||||
| CVE-2016-1000141 | 1 Page-layout-builder Project | 1 Page-layout-builder | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin page-layout-builder v1.9.3 | |||||
| CVE-2016-1000143 | 1 Photoxhibit Project | 1 Photoxhibit | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin photoxhibit v2.1.8 | |||||
| CVE-2016-1000146 | 1 Pondol-formmail Project | 1 Pondol-formmail | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin pondol-formmail v1.1 | |||||
| CVE-2016-1000149 | 1 Simpel-reserveren Project | 1 Simpel-reserveren | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin simpel-reserveren v3.5.2 | |||||
| CVE-2016-1000154 | 1 Browserweb | 1 Whizz | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin whizz v1.0.7 | |||||
| CVE-2016-1000126 | 1 Admin-font-editor Project | 1 Admin-font-editor | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin admin-font-editor v1.8 | |||||
| CVE-2016-1000127 | 1 Ajax-random-post Project | 1 Ajax-random-post | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin ajax-random-post v2.00 | |||||
| CVE-2016-1000129 | 1 Defa-online-image-protector Project | 1 Defa-online-image-protector | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin defa-online-image-protector v3.3 | |||||
| CVE-2016-1000133 | 1 Designsandcode | 1 Forget-about-shorcode-buttons | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 | |||||
| CVE-2016-1000121 | 1 Huge-it | 1 Slider | 2016-11-28 | 3.5 LOW | 4.8 MEDIUM |
| XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | |||||
| CVE-2016-1000136 | 1 Heat-trakr Project | 1 Heat-trackr | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin heat-trackr v1.0 | |||||
| CVE-2016-1000138 | 1 Indexisto Project | 1 Indexisto | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin indexisto v1.0.5 | |||||
| CVE-2016-0387 | 1 Ibm | 1 Tririga Application Platform | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883. | |||||
| CVE-2016-0246 | 1 Ibm | 1 Security Guardium | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-0293 | 1 Ibm | 1 Bigfix Platform | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file. | |||||
| CVE-2016-0269 | 1 Ibm | 1 Bigfix Platform | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-8834 | 1 Wordpress | 1 Wordpress | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3440. | |||||
| CVE-2015-7676 | 1 Ipswitch | 1 Moveit Dmz | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files. | |||||
| CVE-2015-5720 | 1 Misp-project | 1 Malware Information Sharing Platform | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js. | |||||
| CVE-2016-7571 | 1 Drupal | 1 Drupal | 2016-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception. | |||||
| CVE-2016-5398 | 1 Redhat | 1 Jboss Bpm Suite | 2016-10-04 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging permission to create business processes. | |||||
| CVE-2016-0927 | 1 Pivotal Software | 1 Cloud Foundry Elastic Runtime | 2016-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-6913 | 1 Alienvault | 2 Open Source Security Information And Event Management, Unified Security Management | 2016-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php. | |||||
| CVE-2016-5974 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2016-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. | |||||
| CVE-2016-6840 | 1 Huawei | 1 Oceanstor Ism | 2016-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors. | |||||
| CVE-2016-5395 | 1 Apache | 1 Ranger | 2016-09-27 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies. | |||||
| CVE-2016-4969 | 1 Fortinet | 1 Fortiwan | 2016-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php. | |||||
| CVE-2015-5399 | 1 Phpvibe | 1 Phpvibe | 2016-08-29 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment. | |||||
| CVE-2016-4363 | 1 Hp | 1 Insight Control Server Deployment | 2016-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors. | |||||
| CVE-2016-2045 | 2 Fedoraproject, Phpmyadmin | 2 Fedora, Phpmyadmin | 2016-08-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response. | |||||
| CVE-2016-1451 | 1 Cisco | 1 Meeting Server | 2016-07-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922. | |||||
| CVE-2016-5850 | 1 Huawei | 1 Public Cloud Solution | 2016-07-14 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud Solution before 1.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-0350 | 1 Ibm | 1 Jazz Reporting Service | 2016-07-08 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2888 and CVE-2016-0313. | |||||
| CVE-2016-2888 | 1 Ibm | 1 Jazz Reporting Service | 2016-07-08 | 4.3 MEDIUM | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Report Builder and Data Collection Component (DCC) in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2 ifix016 and 6.x before 6.0.1 ifix005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0313 and CVE-2016-0350. | |||||
