CVEs from 2015
Total
7,262
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0686 | medium | — | 6.3 | 11y ago | The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 devices, when a Reset High Availability (HA) policy is configured, allows remote authenticated users to cause a denial of service (dev… | |||
| CVE-2015-7975 | medium | 6.2 | 6.2 | 10y ago | The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the length of its input, which allows an attacker to cause a denial of service (application crash). | |||
| CVE-2015-8872 | medium | 6.2 | 6.2 | 10y ago | The set_fat function in fat.c in dosfstools before 4.0 might allow attackers to corrupt a FAT12 filesystem or cause a denial of service (invalid memory read and crash) by writing an odd number of clu… | |||
| CVE-2015-1339 | medium | 6.2 | 6.2 | 10y ago | Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified oth… | |||
| CVE-2015-1776 | medium | 6.2 | 6.2 | 10y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop | |||
| CVE-2015-5969 | medium | 6.2 | 6.2 | 10y ago | The mysql-systemd-helper script in the mysql-community-server package before 5.6.28-2.17.1 in openSUSE 13.2 and before 5.6.28-13.1 in openSUSE Leap 42.1 and the mariadb package before 10.0.22-2.21.2 … | |||
| CVE-2015-8785 | medium | 6.2 | 6.2 | 11y ago | The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero lengt… | |||
| CVE-2015-8767 | medium | 6.2 | 6.2 | 11y ago | net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows local users to cause a denial of service (deadlock) via a c… | |||
| CVE-2015-8675 | medium | 6.2 | 6.2 | 11y ago | Huawei S5300 Campus Series switches with software before V200R005SPH008 do not mask the password when uploading files, which allows physically proximate attackers to obtain sensitive password informa… | |||
| CVE-2015-6646 | medium | 6.2 | 6.2 | 11y ago | The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction be… | |||
| CVE-2015-4820 | medium | — | 6.2 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnera… | |||
| CVE-2015-4817 | medium | — | 6.2 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel Zones virtualized NIC driver. | |||
| CVE-2015-3339 | medium | — | 6.2 | 11y ago | Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root… | |||
| CVE-2015-4707 | medium | 6.1 | 6.1 | 4y ago | Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/notebooks path. | |||
| CVE-2015-7668 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_i… | |||
| CVE-2015-7667 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote att… | |||
| CVE-2015-7666 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro … | |||
| CVE-2015-7324 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web sc… | |||
| CVE-2015-6502 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login … | |||
| CVE-2015-5532 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s… | |||
| CVE-2015-6961 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/l… | |||
| CVE-2015-7943 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote atta… | |||
| CVE-2015-7980 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related t… | |||
| CVE-2015-7357 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier… | |||
| CVE-2015-7349 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2015-7391 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date pa… | |||
| CVE-2015-5169 | medium | 6.1 | 6.1 | 9y ago | Cross-site Scripting in Apache Struts | |||
| CVE-2015-7316 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1. | |||
| CVE-2015-6748 | medium | 6.1 | 6.1 | 9y ago | Improper Neutralization of Input During Web Page Generation in Jsoup | |||
| CVE-2015-5282 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. | |||
| CVE-2015-4706 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path. | |||
| CVE-2015-3296 | medium | 6.1 | 6.1 | 9y ago | NodeBB Cross-site Scripting Vulnerability in Markdown Processing | |||
| CVE-2015-5608 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. | |||
| CVE-2015-3880 | medium | 6.1 | 6.1 | 9y ago | phpBB Open Redirect | |||
| CVE-2015-3432 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS V… | |||
| CVE-2015-3299 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original se… | |||
| CVE-2015-2750 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks vi… | |||
| CVE-2015-2749 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination pa… | |||
| CVE-2015-8354 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Ultimate Member WordPress plugin before 1.3.29 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _refer parameter to… | |||
| CVE-2015-8353 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-obj… | |||
| CVE-2015-8350 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab paramet… | |||
| CVE-2015-8349 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. | |||
| CVE-2015-5054 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL i… | |||
| CVE-2015-4687 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5060 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. | |||
| CVE-2015-4721 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. | |||
| CVE-2015-3169 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch. | |||
| CVE-2015-7711 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter. | |||
| CVE-2015-6942 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment. | |||
| CVE-2015-6588 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | |||
| CVE-2015-2046 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20. | |||
| CVE-2015-1177 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. | |||
| CVE-2015-0101 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.… | |||
| CVE-2015-5701 | medium | 6.1 | 6.1 | 9y ago | mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of… | |||
| CVE-2015-5700 | medium | 6.1 | 6.1 | 9y ago | mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. | |||
| CVE-2015-3257 | medium | 6.1 | 6.1 | 9y ago | zend-diactoros Cross-site Scripting (XSS) | |||
| CVE-2015-4699 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default … | |||
| CVE-2015-5057 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. | |||
| CVE-2015-2690 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbit… | |||
| CVE-2015-0674 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||
| CVE-2015-3421 | medium | 6.1 | 6.1 | 9y ago | The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross… | |||
| CVE-2015-9056 | medium | 6.1 | 6.1 | 9y ago | Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. | |||
| CVE-2015-9096 | medium | 6.1 | 6.1 | 9y ago | Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA subs… | |||
| CVE-2015-1588 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21. | |||
| CVE-2015-6540 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software. | |||
| CVE-2015-3190 | medium | 6.1 | 6.1 | 9y ago | With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an op… | |||
| CVE-2015-8477 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering. | |||
| CVE-2015-5381 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter t… | |||
| CVE-2015-5241 | medium | 6.1 | 6.1 | 9y ago | Moderate severity vulnerability that affects org.apache.juddi:juddi-client | |||
| CVE-2015-4070 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and con… | |||
| CVE-2015-3998 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML vi… | |||
| CVE-2015-9058 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination pa… | |||
| CVE-2015-9057 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, relat… | |||
| CVE-2015-8864 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnera… | |||
| CVE-2015-7275 | medium | 6.1 | 6.1 | 9y ago | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. | |||
| CVE-2015-6035 | medium | 6.1 | 6.1 | 9y ago | Opsview before 2015-11-06 has XSS via SNMP. | |||
| CVE-2015-6027 | medium | 6.1 | 6.1 | 9y ago | Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP. | |||
| CVE-2015-6021 | medium | 6.1 | 6.1 | 9y ago | Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. | |||
| CVE-2015-8010 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the… | |||
| CVE-2015-8622 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authe… | |||
| CVE-2015-3883 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "… | |||
| CVE-2015-8815 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the develop… | |||
| CVE-2015-8936 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link. | |||
| CVE-2015-8831 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. | |||
| CVE-2015-8976 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web scr… | |||
| CVE-2015-8975 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inj… | |||
| CVE-2015-8862 | medium | 6.1 | 6.1 | 10y ago | mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | |||
| CVE-2015-8861 | medium | 6.1 | 6.1 | 10y ago | The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | |||
| CVE-2015-8856 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name. | |||
| CVE-2015-8684 | medium | 6.1 | 6.1 | 10y ago | Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspe… | |||
| CVE-2015-8667 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. | |||
| CVE-2015-6501 | medium | 6.1 | 6.1 | 10y ago | Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter. | |||
| CVE-2015-0787 | medium | 6.1 | 6.1 | 10y ago | XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. | |||
| CVE-2015-8956 | medium | 6.1 | 6.1 | 10y ago | The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) … | |||
| CVE-2015-1000004 | medium | 6.1 | 6.1 | 10y ago | XSS in filedownload v1.4 wordpress plugin | |||
| CVE-2015-5720 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script… | |||
| CVE-2015-8935 | medium | 6.1 | 6.1 | 10y ago | The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows r… | |||
| CVE-2015-5664 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-6931 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script o… | |||
| CVE-2015-8699 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 befo… |