Search
Total
20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-2350 | 1 Accellion | 1 File Transfer Appliance | 2016-05-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html. | |||||
| CVE-2016-2305 | 1 Ecava | 1 Integraxor | 2016-04-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-0712 | 1 Apache | 1 Jetspeed | 2016-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal. | |||||
| CVE-2016-0711 | 1 Apache | 1 Jetspeed | 2016-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource. | |||||
| CVE-2016-3978 | 1 Fortinet | 1 Fortios | 2016-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via the "redirect" parameter to "login." | |||||
| CVE-2016-1375 | 1 Cisco | 1 Ip Interoperability And Collaboration System | 2016-04-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339. | |||||
| CVE-2015-0265 | 1 Apache | 1 Ranger | 2016-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header. | |||||
| CVE-2016-1173 | 1 Hiniarata | 1 Casebook Plugin | 2016-04-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-1171 | 1 Hiniarata | 1 Casebook Plugin | 2016-04-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-1169 | 1 Hiniarata | 1 Casebook Plugin | 2016-04-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-3968 | 1 Sophos | 4 Cyberoam Cr100ing Utm, Cyberoam Cr100ing Utm Firmware, Cyberoam Cr35ing Utm and 1 more | 2016-04-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header. | |||||
| CVE-2014-5360 | 1 Landesk | 1 Landesk Management Suite | 2016-04-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlist_grouptree.aspx. | |||||
| CVE-2014-7811 | 2 Redhat, Suse | 3 Network Satellite, Spacewalk, Manager | 2016-04-04 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allow remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the REST API. | |||||
| CVE-2014-2242 | 1 Mediawiki | 1 Mediawiki | 2016-04-04 | 4.3 MEDIUM | N/A |
| includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 does not prevent use of invalid namespaces in SVG files, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an SVG upload, as demonstrated by use of a W3C XHTML namespace in conjunction with an IFRAME element. | |||||
| CVE-2014-9036 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2016-04-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets (CSS) token sequence in a post. | |||||
| CVE-2014-9035 | 2 Debian, Wordpress | 2 Debian Linux, Wordpress | 2016-04-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-7217 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-04-04 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php. | |||||
| CVE-2014-3824 | 1 Juniper | 1 Junos Pulse Secure Access Service | 2016-04-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-3820 | 1 Juniper | 2 Junos Pulse Access Control Service, Junos Pulse Secure Access Service | 2016-04-01 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-6111 | 1 Modpagespeed | 1 Mod Pagespeed | 2016-03-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.x, 1.0.22.7, 1.1.x, 1.24.1, 1.3.25.1 through 1.3.25.4, 1.4.26.1 through 1.4.26.4, 1.5.27.1 through 1.5.27.3, and 1.6.29.1 through 1.6.29.6 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-0955 | 4 Adobe, Apple, Linux and 1 more | 4 Experience Manager, Mac Os X, Linux Kernel and 1 more | 2016-03-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog. | |||||
| CVE-2016-2287 | 1 Xzeres | 2 442sr, 442sr Os | 2016-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5968 | 1 Novell | 1 Filr | 2016-03-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-0262 | 1 Ibm | 1 Maximo Asset Management | 2016-03-16 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1.1 through 7.1.1.3, 7.5.0 before 7.5.0.9 IFIX004, and 7.6.0 before 7.6.0.3 IFIX001 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-1135 | 1 Buffalotech | 16 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 13 more | 2016-03-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-7492 | 1 Ibm | 1 Infosphere Master Data Management Reference Data Management | 2016-03-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-1488 | 1 Siemens | 4 Ozw672, Ozw672 Firmware, Ozw772 and 1 more | 2016-03-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-1354 | 1 Cisco | 1 Unified Communications Domain Manager | 2016-03-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176. | |||||
| CVE-2016-0244 | 1 Ibm | 1 Websphere Portal | 2016-03-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-0243. | |||||
| CVE-2016-2214 | 1 Huawei | 1 Agile Controller-campus | 2016-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in an unspecified portal authentication page in Huawei Agile Controller-Campus with software before V100R001C00SPC319 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2015-7457 | 1 Ibm | 1 Websphere Portal | 2016-03-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-7491 | 1 Ibm | 1 Websphere Portal | 2016-03-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-7398 | 1 Ibm | 1 Emptoris Contract Management | 2016-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-4957 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2016-02-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-1157 | 1 Log-chat Project | 1 Log-chat | 2016-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-8531 | 1 Ibm | 2 Security Access Manager 9.0 Firmware, Security Access Manager For Web 8.0 Firmware | 2016-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-1150 | 1 Cybozu | 1 Office | 2016-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1149. | |||||
| CVE-2016-1149 | 1 Cybozu | 1 Office | 2016-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150. | |||||
| CVE-2015-8797 | 1 Apache | 1 Solr | 2016-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/plugins.js in the stats page in the Admin UI in Apache Solr before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter to a plugins/cache URI. | |||||
| CVE-2015-8795 | 1 Apache | 1 Solr | 2016-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in Apache Solr before 5.1 allow remote attackers to inject arbitrary web script or HTML via crafted fields that are mishandled during the rendering of the (1) Analysis page, related to webapp/web/js/scripts/analysis.js or (2) Schema-Browser page, related to webapp/web/js/scripts/schema-browser.js. | |||||
| CVE-2015-7798 | 1 Cybozu | 1 Office | 2016-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150. | |||||
| CVE-2015-7796 | 1 Cybozu | 1 Office | 2016-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. | |||||
| CVE-2015-7797 | 1 Cybozu | 1 Office | 2016-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. | |||||
| CVE-2015-7795 | 1 Cybozu | 1 Office | 2016-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. | |||||
| CVE-2015-7679 | 1 Ipswitch | 1 Moveit Mobile | 2016-02-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/. | |||||
| CVE-2016-0866 | 1 Tollgrade | 1 Smartgrid Lighthouse Sensor Management System | 2016-02-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-1306 | 1 Cisco | 1 Fog Director | 2016-02-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog Director 1.0(0) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux80466. | |||||
| CVE-2016-1136 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2016-02-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-1143 | 1 Vine Mv Project | 1 Vine Mv | 2016-02-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-1300 | 1 Cisco | 1 Unity Connection | 2016-01-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. | |||||