CVEs from 2015
Total
7,262
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6059 | medium | — | 4.3 | 11y ago | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from p… | |||
| CVE-2015-6058 | medium | — | 4.3 | 11y ago | Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS… | |||
| CVE-2015-6052 | medium | — | 4.3 | 11y ago | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanis… | |||
| CVE-2015-6051 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer… | |||
| CVE-2015-6046 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerabilit… | |||
| CVE-2015-2556 | medium | — | 4.3 | 11y ago | The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an exte… | |||
| CVE-2015-5654 | medium | — | 4.3 | 11y ago | Cross-Site Scripting in dojo | |||
| CVE-2015-5235 | medium | — | 4.3 | 11y ago | IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving … | |||
| CVE-2015-5894 | medium | — | 4.3 | 11y ago | The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it … | |||
| CVE-2015-5865 | medium | — | 4.3 | 11y ago | IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||
| CVE-2015-5836 | medium | — | 4.3 | 11y ago | Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. | |||
| CVE-2015-5828 | medium | — | 4.3 | 11y ago | The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass inten… | |||
| CVE-2015-3878 | medium | — | 4.3 | 11y ago | Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information … | |||
| CVE-2015-5022 | medium | — | 4.3 | 11y ago | IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a p… | |||
| CVE-2015-4973 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2 allows remote attackers t… | |||
| CVE-2015-4939 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier Lifecycle Management and Emptoris Program Management 10.x before 10.0.1.4_iFix3, 10.0.2.x before 10.0.2.7_iFix1, 10.0.3.x before 10.0… | |||
| CVE-2015-7708 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat_description parameter in an updatecat action to admin… | |||
| CVE-2015-2029 | medium | — | 4.3 | 11y ago | Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier. | |||
| CVE-2015-2028 | medium | — | 4.3 | 11y ago | CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting … | |||
| CVE-2015-2025 | medium | — | 4.3 | 11y ago | IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to captur… | |||
| CVE-2015-5651 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-0195 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject … | |||
| CVE-2015-3833 | medium | — | 4.3 | 11y ago | The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restricti… | |||
| CVE-2015-1541 | medium | — | 4.3 | 11y ago | The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permissio… | |||
| CVE-2015-7604 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and Splunk Light 6.2.x before 6.2.6 allows remote attackers to inject arbitrary web script or HTML via u… | |||
| CVE-2015-7320 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allow remote attackers … | |||
| CVE-2015-5076 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin… | |||
| CVE-2015-5375 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x be… | |||
| CVE-2015-7383 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge through 2015-04-28 allow remote attackers to inject arbitrary web script or… | |||
| CVE-2015-6010 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to inject arbitrary web script or … | |||
| CVE-2015-6475 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-4539 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vector… | |||
| CVE-2015-6303 | medium | — | 4.3 | 11y ago | The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain … | |||
| CVE-2015-7327 | medium | — | 4.3 | 11y ago | Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API times, which allows remote attackers to track last-level cache access, and consequently obtain sens… | |||
| CVE-2015-4519 | medium | — | 4.3 | 11y ago | Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript co… | |||
| CVE-2015-4502 | medium | — | 4.3 | 11y ago | js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site. | |||
| CVE-2015-4476 | medium | — | 4.3 | 11y ago | Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demo… | |||
| CVE-2015-5571 | medium | — | 4.3 | 11y ago | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &… | |||
| CVE-2015-7307 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving t… | |||
| CVE-2015-6749 | medium | — | 4.3 | 11y ago | Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file. | |||
| CVE-2015-6238 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense… | |||
| CVE-2015-7296 | medium | — | 4.3 | 11y ago | Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS que… | |||
| CVE-2015-5992 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices… | |||
| CVE-2015-2917 | medium | — | 4.3 | 11y ago | Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier … | |||
| CVE-2015-5691 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers t… | |||
| CVE-2015-5638 | medium | — | 4.3 | 11y ago | Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL. | |||
| CVE-2015-7314 | medium | — | 4.3 | 11y ago | Gollum Exposure of Sensitive Information | |||
| CVE-2015-6939 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5921 | medium | — | 4.3 | 11y ago | WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-5920 | medium | — | 4.3 | 11y ago | The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors. | |||
| CVE-2015-5916 | medium | — | 4.3 | 11y ago | The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature. | |||
| CVE-2015-5904 | medium | — | 4.3 | 11y ago | Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site. | |||
| CVE-2015-5880 | medium | — | 4.3 | 11y ago | CoreAnimation in Apple iOS before 9 allows attackers to bypass intended IOSurface restrictions and obtain screen-framebuffer access via a crafted background app. | |||
| CVE-2015-5862 | medium | — | 4.3 | 11y ago | The Audio component in Apple iOS before 9 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted audio file. | |||
| CVE-2015-5856 | medium | — | 4.3 | 11y ago | The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. | |||
| CVE-2015-5855 | medium | — | 4.3 | 11y ago | Apple iOS before 9 allows attackers to discover the e-mail address of a player via a crafted Game Center app. | |||
| CVE-2015-5838 | medium | — | 4.3 | 11y ago | SpringBoard in Apple iOS before 9 does not properly restrict access to privileged API calls, which allows attackers to spoof the dialog windows of an arbitrary app via a crafted app. | |||
| CVE-2015-5837 | medium | — | 4.3 | 11y ago | PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app. | |||
| CVE-2015-5835 | medium | — | 4.3 | 11y ago | Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme. | |||
| CVE-2015-5834 | medium | — | 4.3 | 11y ago | IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||
| CVE-2015-5826 | medium | — | 4.3 | 11y ago | WebKit in Apple iOS before 9 does not properly select the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content type, which allows remote attackers to bypass… | |||
| CVE-2015-5825 | medium | — | 4.3 | 11y ago | WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movem… | |||
| CVE-2015-5824 | medium | — | 4.3 | 11y ago | The NSURL implementation in the CFNetwork SSL component in Apple iOS before 9 does not properly verify X.509 certificates from SSL servers after a certificate change, which allows man-in-the-middle a… | |||
| CVE-2015-5820 | medium | — | 4.3 | 11y ago | WebKit in Apple iOS before 9 allows remote attackers to trigger a dialing action via a crafted (1) tel://, (2) facetime://, or (3) facetime-audio:// URL. | |||
| CVE-2015-5788 | medium | — | 4.3 | 11y ago | The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element. | |||
| CVE-2015-5767 | medium | — | 4.3 | 11y ago | The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5765. | |||
| CVE-2015-5765 | medium | — | 4.3 | 11y ago | The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5764 and CVE-2015-5767. | |||
| CVE-2015-5764 | medium | — | 4.3 | 11y ago | The user interface in Safari in Apple iOS before 9 allows remote attackers to spoof URLs via unspecified vectors, a different vulnerability than CVE-2015-5765 and CVE-2015-5767. | |||
| CVE-2015-6672 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build… | |||
| CVE-2015-6929 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks (formerly Nokia Solutions and Networks and Nokia Siemens Networks) @vantage Commander allow remote attackers to inject arbitrary … | |||
| CVE-2015-6969 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 theme in Serendipity before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via a user name in a comment, w… | |||
| CVE-2015-6290 | medium | — | 4.3 | 11y ago | Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426. | |||
| CVE-2015-5630 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to in… | |||
| CVE-2015-6920 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. | |||
| CVE-2015-6919 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q paramete… | |||
| CVE-2015-6913 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2015-6909 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or H… | |||
| CVE-2015-6675 | medium | — | 4.3 | 11y ago | Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic. | |||
| CVE-2015-6466 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to i… | |||
| CVE-2015-6584 | medium | — | 4.3 | 11y ago | DataTable Vulnerable to Cross-Site Scripting | |||
| CVE-2015-2544 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML… | |||
| CVE-2015-2543 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a c… | |||
| CVE-2015-2536 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype … | |||
| CVE-2015-2532 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Lync Server XSS Information Disclosure Vu… | |||
| CVE-2015-2531 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a cra… | |||
| CVE-2015-2516 | medium | — | 4.3 | 11y ago | Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 all… | |||
| CVE-2015-2489 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Elevation of Privilege V… | |||
| CVE-2015-5625 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. | |||
| CVE-2015-2989 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attackers to inject arbitrary web script or HTML via the imagetitle parameter. | |||
| CVE-2015-2986 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji (rktSNS2) 0.2.2b allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-2985 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5612 | medium | — | 4.3 | 11y ago | October CMS XSS In Caption Tag of Profile | |||
| CVE-2015-6583 | medium | — | 4.3 | 11y ago | Google Chrome before 45.0.2454.85 does not display a location bar for a hosted app's window after navigation away from the installation site, which might make it easier for remote attackers to spoof … | |||
| CVE-2015-1298 | medium | — | 4.3 | 11y ago | The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corre… | |||
| CVE-2015-4552 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the co… | |||
| CVE-2015-6506 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the cryptography interface in Request Tracker (RT) before 4.2.12 allows remote attackers to inject arbitrary web script or HTML via a crafted public key. | |||
| CVE-2015-6737 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Widgets extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via vectors involving base64 encoded content. | |||
| CVE-2015-6734 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.… | |||
| CVE-2015-6732 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) wpSummary parameter to Speci… | |||
| CVE-2015-6731 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the SemanticForms extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via a (1) section_*, (2) template_*, (3)… |