CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6436 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-6425 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers t… | |||
| CVE-2016-6027 | medium | 6.1 | 6.1 | 10y ago | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remot… | |||
| CVE-2016-6418 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted… | |||
| CVE-2016-7571 | medium | 6.1 | 6.1 | 10y ago | Drupal Cross-site scripting (XSS) vulnerability | |||
| CVE-2016-5061 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) g… | |||
| CVE-2016-6840 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName … | |||
| CVE-2016-4993 | medium | 6.1 | 6.1 | 10y ago | Improper Neutralization of CRLF Sequences in Wildfly Undertow | |||
| CVE-2016-4618 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Unive… | |||
| CVE-2016-6158 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrator… | |||
| CVE-2016-4969 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statisti… | |||
| CVE-2016-6404 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a… | |||
| CVE-2016-6643 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-6642 | medium | 6.1 | 6.1 | 10y ago | Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. | |||
| CVE-2016-0927 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-0926 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or … | |||
| CVE-2016-3379 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, a… | |||
| CVE-2016-5165 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attack… | |||
| CVE-2016-5164 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Li… | |||
| CVE-2016-5148 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web s… | |||
| CVE-2016-5147 | medium | 6.1 | 6.1 | 10y ago | Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-6839 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||
| CVE-2016-7033 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified ve… | |||
| CVE-2016-5699 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP… | |||
| CVE-2016-4851 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-4848 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1471 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-0293 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2016-5721 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-7103 | medium | 6.1 | 6.1 | 10y ago | jQuery-UI vulnerable to Cross-site Scripting in dialog closeText | |||
| CVE-2016-5663 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (… | |||
| CVE-2016-6365 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspec… | |||
| CVE-2016-6359 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-1485 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497. | |||
| CVE-2016-6319 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary we… | |||
| CVE-2016-3195 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attac… | |||
| CVE-2016-3194 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows … | |||
| CVE-2016-3089 | medium | 6.1 | 6.1 | 10y ago | Apache OpenMeetings Cross-site Scripting vulnerability | |||
| CVE-2016-6316 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or… | |||
| CVE-2016-4170 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-4168 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-5331 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified v… | |||
| CVE-2016-6634 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-3097 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data. | |||
| CVE-2016-3080 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters,… | |||
| CVE-2016-5262 | medium | 6.1 | 6.1 | 10y ago | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" … | |||
| CVE-2016-4833 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1462 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Service Catalog (PSC) 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted v… | |||
| CVE-2016-6204 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted U… | |||
| CVE-2016-4651 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a craft… | |||
| CVE-2016-4585 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary we… | |||
| CVE-2016-3589 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Applications 12.0.1, 12.0.2, and 12.0.3 allows remote attackers to affect confidentiality and in… | |||
| CVE-2016-3573 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect con… | |||
| CVE-2016-3571 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect con… | |||
| CVE-2016-3570 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect con… | |||
| CVE-2016-3569 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect con… | |||
| CVE-2016-3568 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect con… | |||
| CVE-2016-3566 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect con… | |||
| CVE-2016-3557 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related t… | |||
| CVE-2016-3555 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related t… | |||
| CVE-2016-3519 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related t… | |||
| CVE-2016-3478 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vec… | |||
| CVE-2016-3448 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2016-5660 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid paramet… | |||
| CVE-2016-1451 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary… | |||
| CVE-2016-1449 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711. | |||
| CVE-2016-1447 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka … | |||
| CVE-2016-4508 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-5099 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mish… | |||
| CVE-2016-2862 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web s… | |||
| CVE-2016-0359 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remo… | |||
| CVE-2016-5733 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2016-5732 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before … | |||
| CVE-2016-5731 | medium | 6.1 | 6.1 | 10y ago | phpMyAdmin Cross-site scripting (XSS) vulnerability | |||
| CVE-2016-5705 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) … | |||
| CVE-2016-5704 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. | |||
| CVE-2016-5701 | medium | 6.1 | 6.1 | 10y ago | phpMyAdmin vulnerable to Cross-site Scripting | |||
| CVE-2016-2081 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-5834 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2016-5833 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web scri… | |||
| CVE-2016-0229 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2016-4513 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2016-4827 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a d… | |||
| CVE-2016-4826 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a d… | |||
| CVE-2016-1439 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a cr… | |||
| CVE-2016-1226 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1197 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2… | |||
| CVE-2016-1396 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices w… | |||
| CVE-2016-1224 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-si… | |||
| CVE-2016-1431 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, … | |||
| CVE-2016-5433 | medium | 6.1 | 6.1 | 10y ago | Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. | |||
| CVE-2016-4164 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-4159 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspe… | |||
| CVE-2016-3212 | medium | 6.1 | 6.1 | 10y ago | The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafte… | |||
| CVE-2016-2833 | medium | 6.1 | 6.1 | 10y ago | Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks vi… | |||
| CVE-2016-4363 | medium | 6.1 | 6.1 | 10y ago | HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors. | |||
| CVE-2016-2078 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject ar… | |||
| CVE-2016-1682 | medium | 6.1 | 6.1 | 10y ago | The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote… | |||
| CVE-2016-1230 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1222 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. |