CVEs from 2015
Total
7,266
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2641 | low | — | 3.5 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. | |||
| CVE-2015-2639 | low | — | 3.5 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall. | |||
| CVE-2015-2600 | low | — | 3.5 | 11y ago | Unspecified vulnerability in the Siebel Core - Server OM Svcs component in Oracle Siebel CRM 8.1.1, 8.2.2, and 15.0 allows remote authenticated users to affect confidentiality via unknown vectors rel… | |||
| CVE-2015-2598 | low | — | 3.5 | 11y ago | Unspecified vulnerability in the mobile app in Oracle Business Intelligence Enterprise Edition in Oracle Fusion Middleware before 11.1.1.7.0 (11.6.39) allows remote authenticated users to affect inte… | |||
| CVE-2015-2592 | low | — | 3.5 | 11y ago | Unspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect integrity via unkn… | |||
| CVE-2015-1944 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted… | |||
| CVE-2015-0551 | low | — | 3.5 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7… | |||
| CVE-2015-5365 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "What's going on?" profile field. | |||
| CVE-2015-0131 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before … | |||
| CVE-2015-0127 | low | — | 3.5 | 11y ago | IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict use of … | |||
| CVE-2015-0116 | low | — | 3.5 | 11y ago | IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict the add… | |||
| CVE-2015-0549 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5061 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary… | |||
| CVE-2015-4139 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP Smiley plugin 1.4.1 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the s4w-more parame… | |||
| CVE-2015-4337 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the excl_manual parameter in the xclone… | |||
| CVE-2015-4374 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.23, 7.x-3.x before 7.x-3.23, and 7.x-4.x before 7.x-4.5 for Drupal allows remote authenticated users with certain permissio… | |||
| CVE-2015-4608 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the BE User Log (beko_beuserlog) extension 1.1.1 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspeci… | |||
| CVE-2015-4395 | low | — | 3.5 | 11y ago | The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenti… | |||
| CVE-2015-4392 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-2.7 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to fie… | |||
| CVE-2015-4384 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Ubercart Webform Checkout Pane module 6.x-3.x before 6.x-3.10 and 7.x-3.x before 7.x-3.11 for Drupal allows remote authenticated users with certain per… | |||
| CVE-2015-4381 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "Administer own invoices" permis… | |||
| CVE-2015-4380 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Linear Case module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML … | |||
| CVE-2015-4376 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Profile2 Privacy module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Profile2 Privacy Levels" permission to… | |||
| CVE-2015-4373 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the OG tabs module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors … | |||
| CVE-2015-4372 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Image Title module before 7.x-1.1 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unsp… | |||
| CVE-2015-4370 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Site Documentation module before 6.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML v… | |||
| CVE-2015-4369 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Trick Question module before 6.x-1.5 and 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with the "Administer Trick Question" permi… | |||
| CVE-2015-4367 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Simple Subscription module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer blocks" permissi… | |||
| CVE-2015-4366 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Mover module 6.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vecto… | |||
| CVE-2015-4365 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Taxonomy Accordion module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors rela… | |||
| CVE-2015-4359 | low | — | 3.5 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Registration codes module before 6.x-1.6, 6.x-2.x before 6.x-2.8, and 7.x-1.x before 7.x-1.2 for Drupal allow remote authenticated users wit… | |||
| CVE-2015-4358 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Ubercart Discount Coupons module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with certain p… | |||
| CVE-2015-4357 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Webform module before 6.x-3.22, 7.x-3.x before 7.x-3.22, and 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissio… | |||
| CVE-2015-4356 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the view-based webform results table in the Webform module 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to … | |||
| CVE-2015-4354 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Ubercart Webform Integration module before 6.x-1.8 and 7.x before 7.x-2.4 for Drupal allows remote authenticated users with certain permissions to inje… | |||
| CVE-2015-4427 | low | — | 3.5 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users t… | |||
| CVE-2015-3179 | low | — | 3.5 | 11y ago | Moodle allows attackers to bypass intended login restrictions | |||
| CVE-2015-3178 | low | — | 3.5 | 11y ago | Moodle cross-site scripting (XSS) vulnerability | |||
| CVE-2015-3177 | low | — | 3.5 | 11y ago | Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering subscriptions to site-wide event-monitor rules, which allows remote authenticated users to obtain sen… | |||
| CVE-2015-3174 | low | — | 3.5 | 11y ago | Moodle does not set the RISK_XSS bit for graders | |||
| CVE-2015-2273 | low | — | 3.5 | 11y ago | Moodle cross-site scripting (XSS) vulnerability | |||
| CVE-2015-0216 | low | — | 3.5 | 11y ago | Moodle does not set the RISK_XSS bit for graders | |||
| CVE-2015-0212 | low | — | 3.5 | 11y ago | Moodle cross-site scripting (XSS) vulnerability | |||
| CVE-2015-0193 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x throu… | |||
| CVE-2015-4132 | low | — | 3.5 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to inject arbitrary web script or HTML via unspecified v… | |||
| CVE-2015-3921 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter. | |||
| CVE-2015-0168 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arbitrary we… | |||
| CVE-2015-0156 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, and 8.5.x through 8.5.6.0 and WebSphere Lombardi Edition (WLE) 7.2.x throu… | |||
| CVE-2015-1910 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, and 11.3 allows remo… | |||
| CVE-2015-3988 | low | — | 3.5 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance … | |||
| CVE-2015-3011 | low | — | 3.5 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated u… | |||
| CVE-2015-0913 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-0707 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System Software 5.3.1.1 and 6.0.0 in FireSIGHT Management Center allows remote authenticated users to inject arbitrary web script or HTML v… | |||
| CVE-2015-3392 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Ajax Timeline module before 7.x-1.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||
| CVE-2015-3390 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remote authenticated users with the "access administration pages" permission to inject arbitrary web sc… | |||
| CVE-2015-3389 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Download counts report page in the Public Download Count module (pubdlcnt) 7.x-1.x-dev and earlier for Drupal allows remote authenticated users to inje… | |||
| CVE-2015-3387 | low | — | 3.5 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Tools module before 7.x-1.4 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via a (1) node or (2… | |||
| CVE-2015-3386 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Node Access Product module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||
| CVE-2015-3385 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Taxonomy Path module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link to path" field fo… | |||
| CVE-2015-3384 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Bank Account Listing Page in the Commerce Balanced Payments module for Drupal allows remote authenticated users to inject arbitrary web script or HTML … | |||
| CVE-2015-3381 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Node basket module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-3376 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Quizzler module before 7-x.1.16 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||
| CVE-2015-3372 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||
| CVE-2015-3369 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Taxonews module before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inj… | |||
| CVE-2015-3368 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the administration user interface in the Classified Ads module before 6.x-3.1 and 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with … | |||
| CVE-2015-3365 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the nodeauthor module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a Profile2 field in a provided block. | |||
| CVE-2015-3362 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Video module before 7.x-2.11 for Drupal, when using the video WYSIWYG plugin, allows remote authenticated users to inject arbitrary web script or HTML … | |||
| CVE-2015-3360 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Term Merge module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-3359 | low | — | 3.5 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Room Reservations module before 7.x-1.1 for Drupal allow remote authenticated users with the "Administer the room reservations system" permi… | |||
| CVE-2015-3357 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote authenticated users with the "access wishlists" permission to inject… | |||
| CVE-2015-3353 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Field Display Label module before 7.x-1.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the alternate field l… | |||
| CVE-2015-3348 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x-2.3 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node… | |||
| CVE-2015-3344 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via… | |||
| CVE-2015-2567 | low | — | 3.5 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. | |||
| CVE-2015-0507 | low | — | 3.5 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. | |||
| CVE-2015-0506 | low | — | 3.5 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-… | |||
| CVE-2015-0505 | low | — | 3.5 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. | |||
| CVE-2015-0499 | low | — | 3.5 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. | |||
| CVE-2015-0485 | low | — | 3.5 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unkno… | |||
| CVE-2015-0472 | low | — | 3.5 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via vectors related to P… | |||
| CVE-2015-0451 | low | — | 3.5 | 11y ago | Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents. | |||
| CVE-2015-2827 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-1890 | low | — | 3.5 | 11y ago | /usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces an archive potentially containing cleartext keys, and lacks a warning about reviewing this archive t… | |||
| CVE-2015-2108 | low | — | 3.5 | 11y ago | Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors. | |||
| CVE-2015-2760 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbit… | |||
| CVE-2015-2559 | low | — | 3.5 | 11y ago | Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a craf… | |||
| CVE-2015-0103 | low | — | 3.5 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote auth… | |||
| CVE-2015-2677 | low | — | 3.5 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before 9.0.17 allow remote authenticated users to inject arbitrary web script or HTML via the (1) title or (2) text field in the cms_ca… | |||
| CVE-2015-2289 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in templates/2k11/admin/entries.tpl in Serendipity before 2.0.1 allows remote authenticated editors to inject arbitrary web script or HTML via the serendipity… | |||
| CVE-2015-2149 | low | — | 3.5 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML vi… | |||
| CVE-2015-0128 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arb… | |||
| CVE-2015-0125 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 4.x before 4.0.7 iFix3 allows remote auth… | |||
| CVE-2015-0124 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arb… | |||
| CVE-2015-0177 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-0139 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF15 and 8.5.0 before CF05 allows remote authenticated users to inject arbitrary web script or HTML via a crafte… | |||
| CVE-2015-0129 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager (RQM) 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via… | |||
| CVE-2015-0123 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbit… | |||
| CVE-2015-0122 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix 5, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbit… | |||
| CVE-2015-0521 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allows remote authenticated users to inject … | |||
| CVE-2015-1636 | low | — | 3.5 | 11y ago | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script … |