CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3150 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base Unit in Barco ClickShare CSC-1 devices with firmware before 01.09.03, CSM-1 devices with firmware before 01.06.02, and CSE-200 de… | |||
| CVE-2016-6837 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in MantisBT Filter API in MantisBT versions before 1.2.19, and versions 2.0.0-beta1, 1.3.0-beta1 allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2016-6856 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the… | |||
| CVE-2016-10083 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a cert… | |||
| CVE-2016-10006 | medium | 6.1 | 6.1 | 10y ago | OWASP AntiSamy vulnerable to Cross-site Scripting | |||
| CVE-2016-9889 | medium | 6.1 | 6.1 | 10y ago | Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.… | |||
| CVE-2016-5303 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2016-4552 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message. | |||
| CVE-2016-7282 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Mi… | |||
| CVE-2016-7280 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerabi… | |||
| CVE-2016-7206 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerabi… | |||
| CVE-2016-5191 | medium | 6.1 | 6.1 | 10y ago | multiple issues in chromium | |||
| CVE-2016-5181 | medium | 6.1 | 6.1 | 10y ago | multiple issues in chromium | |||
| CVE-2016-9998 | medium | 6.1 | 6.1 | 10y ago | SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL. | |||
| CVE-2016-9997 | medium | 6.1 | 6.1 | 10y ago | SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL. | |||
| CVE-2016-8820 | medium | 6.1 | 6.1 | 10y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a check on a function return value is missing, potenti… | |||
| CVE-2016-7891 | medium | 6.1 | 6.1 | 10y ago | Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier have an input validation issue that could be used in cross-site scripting attacks. | |||
| CVE-2016-7884 | medium | 6.1 | 6.1 | 10y ago | Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks. | |||
| CVE-2016-7883 | medium | 6.1 | 6.1 | 10y ago | Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks. | |||
| CVE-2016-7882 | medium | 6.1 | 6.1 | 10y ago | Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks. | |||
| CVE-2016-6934 | medium | 6.1 | 6.1 | 10y ago | Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks. | |||
| CVE-2016-6933 | medium | 6.1 | 6.1 | 10y ago | Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks. | |||
| CVE-2016-6850 | medium | 6.1 | 6.1 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get exec… | |||
| CVE-2016-6847 | medium | 6.1 | 6.1 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when ca… | |||
| CVE-2016-6845 | medium | 6.1 | 6.1 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. Th… | |||
| CVE-2016-6844 | medium | 6.1 | 6.1 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" … | |||
| CVE-2016-6843 | medium | 6.1 | 6.1 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the conte… | |||
| CVE-2016-6842 | medium | 6.1 | 6.1 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Setting the user's name to JS code makes that code execute when selecting that user's "Templates" folder from OX Documents sett… | |||
| CVE-2016-5124 | medium | 6.1 | 6.1 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context … | |||
| CVE-2016-4045 | medium | 6.1 | 6.1 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader … | |||
| CVE-2016-4026 | medium | 6.1 | 6.1 | 10y ago | An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such c… | |||
| CVE-2016-2840 | medium | 6.1 | 6.1 | 10y ago | An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the… | |||
| CVE-2016-9214 | medium | 6.1 | 6.1 | 10y ago | Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface… | |||
| CVE-2016-9206 | medium | 6.1 | 6.1 | 10y ago | A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks. More Infor… | |||
| CVE-2016-9202 | medium | 6.1 | 6.1 | 10y ago | A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting (XS… | |||
| CVE-2016-9200 | medium | 6.1 | 6.1 | 10y ago | A vulnerability in the web framework code of Cisco Prime Collaboration Assurance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the… | |||
| CVE-2016-5060 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter … | |||
| CVE-2016-9857 | medium | 6.1 | 6.1 | 10y ago | An issue was discovered in phpMyAdmin. XSS is possible because of a weakness in a regular expression used in some JavaScript processing. All 4.6.x versions (prior to 4.6.5), 4.4.x versions (prior to … | |||
| CVE-2016-9856 | medium | 6.1 | 6.1 | 10y ago | An XSS issue was discovered in phpMyAdmin because of an improper fix for CVE-2016-2559 in PMASA-2016-10. This issue is resolved by using a copy of a hash to avoid a race condition. All 4.6.x versions… | |||
| CVE-2016-6615 | medium | 6.1 | 6.1 | 10y ago | XSS issues were discovered in phpMyAdmin. This affects navigation pane and database/table hiding feature (a specially-crafted database name can be used to trigger an XSS attack); the "Tracking" featu… | |||
| CVE-2016-6608 | medium | 6.1 | 6.1 | 10y ago | XSS issues were discovered in phpMyAdmin. This affects the database privilege check and the "Remove partitioning" functionality. Specially crafted database names can trigger the XSS attack. All 4.6.x… | |||
| CVE-2016-6607 | medium | 6.1 | 6.1 | 10y ago | XSS issues were discovered in phpMyAdmin. This affects Zoom search (specially crafted column content can be used to trigger an XSS attack); GIS editor (certain fields in the graphical GIS editor are … | |||
| CVE-2016-6523 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the media manager in Dotclear before 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) q or (2) link_type parameter… | |||
| CVE-2016-9152 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter. | |||
| CVE-2016-9751 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||
| CVE-2016-3057 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecifie… | |||
| CVE-2016-2934 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-6472 | medium | 6.1 | 6.1 | 10y ago | A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) at… | |||
| CVE-2016-7146 | medium | 6.1 | 6.1 | 10y ago | MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the ac… | |||
| CVE-2016-7251 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vuln… | |||
| CVE-2016-7223 | medium | 6.1 | 6.1 | 10y ago | Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files… | |||
| CVE-2016-9188 | medium | 6.1 | 6.1 | 10y ago | Moodle XSS Vulnerability | |||
| CVE-2016-6451 | medium | 6.1 | 6.1 | 10y ago | Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against… | |||
| CVE-2016-6429 | medium | 6.1 | 6.1 | 10y ago | A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) att… | |||
| CVE-2016-8583 | medium | 6.1 | 6.1 | 10y ago | Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS. | |||
| CVE-2016-1423 | medium | 6.1 | 6.1 | 10y ago | A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to … | |||
| CVE-2016-1592 | medium | 6.1 | 6.1 | 10y ago | XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. | |||
| CVE-2016-8506 | medium | 6.1 | 6.1 | 10y ago | XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code. | |||
| CVE-2016-8505 | medium | 6.1 | 6.1 | 10y ago | XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code. | |||
| CVE-2016-5622 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote attacker… | |||
| CVE-2016-5606 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Kernel Zones. | |||
| CVE-2016-5543 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component in Oracle Financial Services Applications 12.0.0 and 12.1.0 allows remote attackers to affect co… | |||
| CVE-2016-5530 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors re… | |||
| CVE-2016-5529 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors re… | |||
| CVE-2016-5512 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, … | |||
| CVE-2016-0246 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web scrip… | |||
| CVE-2016-8658 | medium | 6.1 | 6.1 | 10y ago | Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denia… | |||
| CVE-2016-1000155 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin wpsolr-search-engine v7.6 | |||
| CVE-2016-1000154 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin whizz v1.0.7 | |||
| CVE-2016-1000153 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin tidio-gallery v1.1 | |||
| CVE-2016-1000152 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin tidio-form v1.0 | |||
| CVE-2016-1000151 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin tera-charts v1.0 | |||
| CVE-2016-1000150 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin simplified-content v1.0.0 | |||
| CVE-2016-1000149 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin simpel-reserveren v3.5.2 | |||
| CVE-2016-1000148 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin s3-video v0.983 | |||
| CVE-2016-1000147 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin recipes-writer v1.0.4 | |||
| CVE-2016-1000146 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin pondol-formmail v1.1 | |||
| CVE-2016-1000145 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin pondol-carousel v1.0 | |||
| CVE-2016-1000144 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin photoxhibit v2.1.8 | |||
| CVE-2016-1000143 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin photoxhibit v2.1.8 | |||
| CVE-2016-1000142 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin parsi-font v4.2.5 | |||
| CVE-2016-1000141 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin page-layout-builder v1.9.3 | |||
| CVE-2016-1000140 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin new-year-firework v1.1.9 | |||
| CVE-2016-1000139 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin infusionsoft v1.5.11 | |||
| CVE-2016-1000138 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin indexisto v1.0.5 | |||
| CVE-2016-1000137 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin hero-maps-pro v2.1.0 | |||
| CVE-2016-1000136 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin heat-trackr v1.0 | |||
| CVE-2016-1000135 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin hdw-tube v1.2 | |||
| CVE-2016-1000134 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin hdw-tube v1.2 | |||
| CVE-2016-1000133 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 | |||
| CVE-2016-1000132 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 | |||
| CVE-2016-1000131 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin e-search v1.0 | |||
| CVE-2016-1000130 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin e-search v1.0 | |||
| CVE-2016-1000129 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin defa-online-image-protector v3.3 | |||
| CVE-2016-1000128 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin anti-plagiarism v3.60 | |||
| CVE-2016-1000127 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin ajax-random-post v2.00 | |||
| CVE-2016-1000126 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin admin-font-editor v1.8 | |||
| CVE-2016-5325 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject… | |||
| CVE-2016-1000007 | medium | 6.1 | 6.1 | 10y ago | Pagure 2.2.1 XSS in raw file endpoint | |||
| CVE-2016-1000114 | medium | 6.1 | 6.1 | 10y ago | XSS in huge IT gallery v1.1.5 for Joomla |