CVEs from 2015
Total
7,262
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8349 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. | |||
| CVE-2015-5054 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL i… | |||
| CVE-2015-4687 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5060 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. | |||
| CVE-2015-4721 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1. | |||
| CVE-2015-3169 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch. | |||
| CVE-2015-7711 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter. | |||
| CVE-2015-6942 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment. | |||
| CVE-2015-6588 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | |||
| CVE-2015-2046 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20. | |||
| CVE-2015-1177 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. | |||
| CVE-2015-0101 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.… | |||
| CVE-2015-5701 | medium | 6.1 | 6.1 | 9y ago | mktexlsr revision 36855, and before revision 36626 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. NOTE: this vulnerability exists due to the reversion of… | |||
| CVE-2015-5700 | medium | 6.1 | 6.1 | 9y ago | mktexlsr revision 22855 through revision 36625 as packaged in texlive allows local users to write to arbitrary files via a symlink attack. | |||
| CVE-2015-3257 | medium | 6.1 | 6.1 | 9y ago | zend-diactoros Cross-site Scripting (XSS) | |||
| CVE-2015-4699 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default … | |||
| CVE-2015-5057 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. | |||
| CVE-2015-2690 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbit… | |||
| CVE-2015-0674 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||
| CVE-2015-3421 | medium | 6.1 | 6.1 | 9y ago | The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross… | |||
| CVE-2015-9056 | medium | 6.1 | 6.1 | 9y ago | Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. | |||
| CVE-2015-9096 | medium | 6.1 | 6.1 | 9y ago | Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA subs… | |||
| CVE-2015-1588 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21. | |||
| CVE-2015-6540 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software. | |||
| CVE-2015-3190 | medium | 6.1 | 6.1 | 9y ago | With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an op… | |||
| CVE-2015-8477 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving flash message rendering. | |||
| CVE-2015-5381 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter t… | |||
| CVE-2015-5241 | medium | 6.1 | 6.1 | 9y ago | Moderate severity vulnerability that affects org.apache.juddi:juddi-client | |||
| CVE-2015-4070 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in the proxyimages function in wowproxy.php in the Wow Moodboard Lite plugin 1.1.1.1 for WordPress allows remote attackers to redirect users to arbitrary web sites and con… | |||
| CVE-2015-3998 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML vi… | |||
| CVE-2015-9058 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination pa… | |||
| CVE-2015-9057 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, relat… | |||
| CVE-2015-8864 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnera… | |||
| CVE-2015-7275 | medium | 6.1 | 6.1 | 9y ago | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. | |||
| CVE-2015-6035 | medium | 6.1 | 6.1 | 9y ago | Opsview before 2015-11-06 has XSS via SNMP. | |||
| CVE-2015-6027 | medium | 6.1 | 6.1 | 9y ago | Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP. | |||
| CVE-2015-6021 | medium | 6.1 | 6.1 | 9y ago | Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. | |||
| CVE-2015-8010 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the… | |||
| CVE-2015-8622 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authe… | |||
| CVE-2015-3883 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "… | |||
| CVE-2015-8815 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the develop… | |||
| CVE-2015-8936 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in squidGuard.cgi in squidGuard before 1.5 allows remote attackers to inject arbitrary web script or HTML via a blocked site link. | |||
| CVE-2015-8831 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in admin/comments.php in Dotclear before 2.8.2 allows remote attackers to inject arbitrary web script or HTML via the author name in a comment. | |||
| CVE-2015-8976 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inject arbitrary web scr… | |||
| CVE-2015-8975 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the error handler in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 might allow remote attackers to inj… | |||
| CVE-2015-8862 | medium | 6.1 | 6.1 | 10y ago | mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | |||
| CVE-2015-8861 | medium | 6.1 | 6.1 | 10y ago | The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted. | |||
| CVE-2015-8856 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name. | |||
| CVE-2015-8684 | medium | 6.1 | 6.1 | 10y ago | Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspe… | |||
| CVE-2015-8667 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email. | |||
| CVE-2015-6501 | medium | 6.1 | 6.1 | 10y ago | Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter. | |||
| CVE-2015-0787 | medium | 6.1 | 6.1 | 10y ago | XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. | |||
| CVE-2015-8956 | medium | 6.1 | 6.1 | 10y ago | The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) … | |||
| CVE-2015-1000004 | medium | 6.1 | 6.1 | 10y ago | XSS in filedownload v1.4 wordpress plugin | |||
| CVE-2015-5720 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script… | |||
| CVE-2015-8935 | medium | 6.1 | 6.1 | 10y ago | The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows r… | |||
| CVE-2015-5664 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS before 4.2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-6931 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script o… | |||
| CVE-2015-8699 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 befo… | |||
| CVE-2015-7360 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) ser… | |||
| CVE-2015-8834 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored… | |||
| CVE-2015-5714 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during proces… | |||
| CVE-2015-8807 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the _renderVarInput_number function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Web… | |||
| CVE-2015-8606 | medium | 6.1 | 6.1 | 10y ago | Silverstripe CMS XSS Vulnerability | |||
| CVE-2015-8682 | medium | 6.1 | 6.1 | 10y ago | The Video0 driver in Huawei P8 smartphones with software GRA-UL00 before GRA-UL00C00B350, GRA-UL10 before GRA-UL10C00B350, GRA-TL00 before GRA-TL00C01B350, GRA-CL00 before GRA-CL00C92B350, and GRA-CL… | |||
| CVE-2015-7520 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleChoice classes in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 allow re… | |||
| CVE-2015-5347 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.… | |||
| CVE-2015-3268 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to … | |||
| CVE-2015-0265 | medium | 6.1 | 6.1 | 10y ago | Apache Ranger Cross-site Scripting vulnerability | |||
| CVE-2015-5968 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-8524 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inj… | |||
| CVE-2015-7457 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted U… | |||
| CVE-2015-5337 | medium | 6.1 | 6.1 | 10y ago | Moodle XSS Vulnerability | |||
| CVE-2015-3275 | medium | 6.1 | 6.1 | 10y ago | Moodle multiple cross-site scripting (XSS) vulnerabilities | |||
| CVE-2015-3274 | medium | 6.1 | 6.1 | 10y ago | Moodle cross-site scripting (XSS) vulnerability | |||
| CVE-2015-7798 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… | |||
| CVE-2015-7797 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… | |||
| CVE-2015-7796 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… | |||
| CVE-2015-7795 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… | |||
| CVE-2015-8797 | medium | 6.1 | 6.1 | 10y ago | Improper Neutralization of Input During Web Page Generation in Apache Solr | |||
| CVE-2015-8796 | medium | 6.1 | 6.1 | 10y ago | Apache Solr Cross-site scripting Vulnerability | |||
| CVE-2015-8795 | medium | 6.1 | 6.1 | 10y ago | Improper Neutralization of Input During Web Page Generation in Apache Solr | |||
| CVE-2015-8531 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a … | |||
| CVE-2015-7679 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/. | |||
| CVE-2015-8793 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox pa… | |||
| CVE-2015-7439 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA… | |||
| CVE-2015-6337 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a … | |||
| CVE-2015-7580 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web sc… | |||
| CVE-2015-7579 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that i… | |||
| CVE-2015-7578 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag at… | |||
| CVE-2015-5008 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers … | |||
| CVE-2015-5002 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 through 11.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-4959 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-8685 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the ba… | |||
| CVE-2015-7565 | medium | 6.1 | 6.1 | 11y ago | ember-source Cross-site Scripting vulnerability | |||
| CVE-2015-6117 | medium | 6.1 | 6.1 | 11y ago | Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) a… | |||
| CVE-2015-7242 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6.30 allows remote attackers to inject arbitrary web script or HTML via the display name in the FROM … | |||
| CVE-2015-4671 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the zone_id parameter to index.php. | |||
| CVE-2015-7706 | medium | 6.1 | 6.1 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Secure Data Space SDS-API before 3.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to api/v3/public/shar… | |||
| CVE-2015-8510 | medium | 6.1 | 6.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary w… |