CVEs from 2016
- Total: 8,461
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-10316 | medium | 6.1 | 6.1 | 9y ago | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to condu… | |||
| CVE-2016-10315 | medium | 6.1 | 6.1 | 9y ago | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to condu… | |||
| CVE-2016-8789 | medium | 6.1 | 6.1 | 9y ago | Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malici… | |||
| CVE-2016-9990 | medium | 6.1 | 6.1 | 9y ago | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… | |||
| CVE-2016-6209 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Nagios. | |||
| CVE-2016-6846 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 befor… | |||
| CVE-2016-9466 | medium | 6.1 | 6.1 | 9y ago | Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the N… | |||
| CVE-2016-9459 | medium | 6.1 | 6.1 | 9y ago | Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is… | |||
| CVE-2016-9169 | medium | 6.1 | 6.1 | 9y ago | A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScr… | |||
| CVE-2016-5756 | medium | 6.1 | 6.1 | 9y ago | Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack us… | |||
| CVE-2016-5751 | medium | 6.1 | 6.1 | 9y ago | An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentica… | |||
| CVE-2016-4930 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions. | |||
| CVE-2016-0770 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web scr… | |||
| CVE-2016-8011 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site. | |||
| CVE-2016-9723 | medium | 6.1 | 6.1 | 9y ago | IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to … | |||
| CVE-2016-9693 | medium | 6.1 | 6.1 | 9y ago | IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicio… | |||
| CVE-2016-7140 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web… | |||
| CVE-2016-7139 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web sc… | |||
| CVE-2016-7138 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web… | |||
| CVE-2016-4948 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a t… | |||
| CVE-2016-4946 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in th… | |||
| CVE-2016-9148 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM para… | |||
| CVE-2016-10203 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. | |||
| CVE-2016-10202 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php. | |||
| CVE-2016-10201 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. | |||
| CVE-2016-8232 | medium | 6.1 | 6.1 | 9y ago | Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows a… | |||
| CVE-2016-5883 | medium | 6.1 | 6.1 | 9y ago | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… | |||
| CVE-2016-9910 | medium | 6.1 | 6.1 | 9y ago | The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a differen… | |||
| CVE-2016-9909 | medium | 6.1 | 6.1 | 9y ago | The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values. | |||
| CVE-2016-7762 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari. | |||
| CVE-2016-6191 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Desc… | |||
| CVE-2016-5364 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. | |||
| CVE-2016-9139 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-4327 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH… | |||
| CVE-2016-6062 | medium | 6.1 | 6.1 | 9y ago | IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality … | |||
| CVE-2016-9010 | medium | 6.1 | 6.1 | 9y ago | IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could expl… | |||
| CVE-2016-9371 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor… | |||
| CVE-2016-8376 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. This non-validated redirect/non-validated forward (OPEN REDIRECT) allows chaining with authenticated vul… | |||
| CVE-2016-8359 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware… | |||
| CVE-2016-5811 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. User controlled input is not neutralized prior to being placed in web page output (CROSS-SITE SCRIP… | |||
| CVE-2016-2274 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the out… | |||
| CVE-2016-10216 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-… | |||
| CVE-2016-10215 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a… | |||
| CVE-2016-4988 | medium | 6.1 | 6.1 | 9y ago | Cross-site Scripting in Jenkins Build Failure Analyzer plugin | |||
| CVE-2016-5902 | medium | 6.1 | 6.1 | 9y ago | IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall… | |||
| CVE-2016-6096 | medium | 6.1 | 6.1 | 9y ago | IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2016-7147 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the manage_findResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary w… | |||
| CVE-2016-9872 | medium | 6.1 | 6.1 | 9y ago | EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has Reflected Cross-Site Scripting Vulnerabilities that could potentially be exploited by malicious users to compromise the affected sy… | |||
| CVE-2016-0919 | medium | 6.1 | 6.1 | 9y ago | EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by … | |||
| CVE-2016-9704 | medium | 6.1 | 6.1 | 10y ago | IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func… | |||
| CVE-2016-9000 | medium | 6.1 | 6.1 | 10y ago | IBM InfoSphere DataStage is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted URL to nav… | |||
| CVE-2016-5881 | medium | 6.1 | 6.1 | 10y ago | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred… | |||
| CVE-2016-8961 | medium | 6.1 | 6.1 | 10y ago | IBM BigFix Inventory v9 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could… | |||
| CVE-2016-8936 | medium | 6.1 | 6.1 | 10y ago | IBM Social Rendering Templates for Digital Data Connector is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int… | |||
| CVE-2016-8922 | medium | 6.1 | 6.1 | 10y ago | Exphox WebRadar is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to… | |||
| CVE-2016-6113 | medium | 6.1 | 6.1 | 10y ago | IBM Verse is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to crede… | |||
| CVE-2016-6020 | medium | 6.1 | 6.1 | 10y ago | IBM Sterling B2B Integrator Standard Edition could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a … | |||
| CVE-2016-6000 | medium | 6.1 | 6.1 | 10y ago | IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | |||
| CVE-2016-5984 | medium | 6.1 | 6.1 | 10y ago | IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTML iframe protection. A remote attacker could exploit this vulnerability using a specially-crafted U… | |||
| CVE-2016-5884 | medium | 6.1 | 6.1 | 10y ago | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred… | |||
| CVE-2016-5882 | medium | 6.1 | 6.1 | 10y ago | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred… | |||
| CVE-2016-3018 | medium | 6.1 | 6.1 | 10y ago | IBM Security Access Manager for Web is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality po… | |||
| CVE-2016-2939 | medium | 6.1 | 6.1 | 10y ago | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred… | |||
| CVE-2016-2938 | medium | 6.1 | 6.1 | 10y ago | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred… | |||
| CVE-2016-9421 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Users module in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 might allow remote attackers to i… | |||
| CVE-2016-9419 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to inject arbitrary web scrip… | |||
| CVE-2016-9409 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web … | |||
| CVE-2016-9408 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web sc… | |||
| CVE-2016-9407 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors … | |||
| CVE-2016-9406 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the User control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web s… | |||
| CVE-2016-9405 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script… | |||
| CVE-2016-9404 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors … | |||
| CVE-2016-6285 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in includes/decorators/global-translations.jsp in Atlassian JIRA before 7.2.2 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host… | |||
| CVE-2016-8329 | medium | 6.1 | 6.1 | 10y ago | Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Mobile Application Platform). Supported versions that are affected are 8.54 and 8.55. Eas… | |||
| CVE-2016-8320 | medium | 6.1 | 6.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.… | |||
| CVE-2016-8319 | medium | 6.1 | 6.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0… | |||
| CVE-2016-8303 | medium | 6.1 | 6.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |||
| CVE-2016-8282 | medium | 6.1 | 6.1 | 10y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2… | |||
| CVE-2016-6908 | medium | 6.1 | 6.1 | 10y ago | Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE7… | |||
| CVE-2016-9222 | medium | 6.1 | 6.1 | 10y ago | A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a us… | |||
| CVE-2016-8215 | medium | 6.1 | 6.1 | 10y ago | EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||
| CVE-2016-6484 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentTyp… | |||
| CVE-2016-4056 | medium | 6.1 | 6.1 | 10y ago | TYPO3 Backend component Cross-site scripting (XSS) vulnerability | |||
| CVE-2016-0765 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) … | |||
| CVE-2016-8213 | medium | 6.1 | 6.1 | 10y ago | EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P… | |||
| CVE-2016-5226 | medium | 6.1 | 6.1 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5208 | medium | 6.1 | 6.1 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5207 | medium | 6.1 | 6.1 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5205 | medium | 6.1 | 6.1 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5204 | medium | 6.1 | 6.1 | 10y ago | multiple issues in chromium | |||
| CVE-2016-3999 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104… | |||
| CVE-2016-3412 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413… | |||
| CVE-2016-3410 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103956, 103995… | |||
| CVE-2016-3409 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637. | |||
| CVE-2016-3408 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 101813. | |||
| CVE-2016-3407 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104222, 104910… | |||
| CVE-2016-7981 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action. | |||
| CVE-2016-7149 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function. | |||
| CVE-2016-5737 | medium | 6.1 | 6.1 | 10y ago | The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly marks text/html as a safe mimetype, which might allow remote attackers to conduct cross-site scriptin… | |||
| CVE-2016-5715 | medium | 6.1 | 6.1 | 10y ago | Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a /… |