CVEs from 2016
Total: 8,459
critical: 1,164
high: 3,521
medium: 3,173
low: 248
% Critical: 13.8%
% with KEV: 0.7%
% with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-0652 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML. | |||
| CVE-2016-0651 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer. | |||
| CVE-2016-0650 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users… | |||
| CVE-2016-0649 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users… | |||
| CVE-2016-0648 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users… | |||
| CVE-2016-0647 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows local users… | |||
| CVE-2016-0646 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users… | |||
| CVE-2016-0644 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users… | |||
| CVE-2016-0469 | medium | 5.5 | 5.5 | 10y ago | Unspecified vulnerability in the Oracle Retail MICROS C2 component in Oracle Retail Applications 9.89.0.0 allows local users to affect confidentiality via vectors related to POS. | |||
| CVE-2016-2202 | medium | 5.5 | 5.5 | 10y ago | The Inventory Solution component in the Management Agent in the client in Symantec Altiris IT Management Suite (ITMS) through 7.6 HF7 allows local users to bypass intended application-blacklist restr… | |||
| CVE-2016-3941 | medium | 5.5 | 5.5 | 10y ago | Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, rela… | |||
| CVE-2016-4036 | medium | 5.5 | 5.5 | 10y ago | The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading… | |||
| CVE-2016-2427 | medium | 5.5 | 5.5 | 10y ago | The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic prot… | |||
| CVE-2016-2426 | medium | 5.5 | 5.5 | 10y ago | server/content/ContentService.java in the Framework component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for a GET_ACCOUNTS permissi… | |||
| CVE-2016-2425 | medium | 5.5 | 5.5 | 10y ago | mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 supports file:///data attachments, which allows attackers… | |||
| CVE-2016-2424 | medium | 5.5 | 5.5 | 10y ago | server/content/SyncStorageEngine.java in SyncStorageEngine in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 mismanages certain authority data, which allo… | |||
| CVE-2016-2415 | medium | 5.5 | 5.5 | 10y ago | exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sen… | |||
| CVE-2016-3961 | medium | 5.5 | 5.5 | 10y ago | Xen and the Linux kernel through 4.5.x do not properly suppress hugetlbfs support in x86 PV guests, which allows local PV guest OS users to cause a denial of service (guest OS crash) by attempting to… | |||
| CVE-2016-1496 | medium | 5.5 | 5.5 | 10y ago | The graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-… | |||
| CVE-2016-1789 | medium | 5.5 | 5.5 | 10y ago | Apple iBooks Author before 2.4.1 allows remote attackers to read arbitrary files via an iBooks Author file containing an XML external entity declaration in conjunction with an entity reference, relat… | |||
| CVE-2016-1752 | medium | 5.5 | 5.5 | 10y ago | The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to cause a denial of service via a crafted app. | |||
| CVE-2016-1745 | medium | 5.5 | 5.5 | 10y ago | IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||
| CVE-2016-1732 | medium | 5.5 | 5.5 | 10y ago | AppleRAID in Apple OS X before 10.11.4 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2016-1976 | medium | 5.5 | 5.5 | 10y ago | Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or poss… | |||
| CVE-2016-0831 | medium | 5.5 | 5.5 | 10y ago | The getDeviceIdForPhone function in internal/telephony/PhoneSubInfoController.java in Telephony in Android 5.x before 5.1.1 LMY49H and 6.x before 2016-03-01 does not check for the READ_PHONE_STATE pe… | |||
| CVE-2016-0821 | medium | 5.5 | 5.5 | 10y ago | The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, w… | |||
| CVE-2016-2529 | medium | 5.5 | 5.5 | 10y ago | The iseries_check_file_type function in wiretap/iseries.c in the iSeries file parser in Wireshark 2.0.x before 2.0.2 does not consider that a line may lack the "OBJECT PROTOCOL" substring, which allo… | |||
| CVE-2016-2527 | medium | 5.5 | 5.5 | 10y ago | wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser in Wireshark 2.0.x before 2.0.2 does not ensure that a '\0' character is present at the end of certain strings, which allows rem… | |||
| CVE-2016-2271 | medium | 5.5 | 5.5 | 10y ago | VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows local HVM guest users to cause a denial of service (guest crash) via vectors related to a non-canonical RIP. | |||
| CVE-2016-0591 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via… | |||
| CVE-2016-0564 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality … | |||
| CVE-2016-0561 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality … | |||
| CVE-2016-0557 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and… | |||
| CVE-2016-0556 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and… | |||
| CVE-2016-0523 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the Oracle Interaction Blending component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote authenticated users to af… | |||
| CVE-2016-0472 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality and availability v… | |||
| CVE-2016-0470 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality and integ… | |||
| CVE-2016-1898 | medium | 5.5 | 5.5 | 11y ago | FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP reques… | |||
| CVE-2016-1897 | medium | 5.5 | 5.5 | 11y ago | FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request… | |||
| CVE-2016-3048 | medium | 5.4 | 5.4 | 9y ago | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… | |||
| CVE-2016-3049 | medium | 5.4 | 5.4 | 9y ago | IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser with… | |||
| CVE-2016-8748 | medium | 5.4 | 5.4 | 9y ago | Cross-site Scripting in Apache NiFi | |||
| CVE-2016-2975 | medium | 5.4 | 5.4 | 9y ago | IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2016-2967 | medium | 5.4 | 5.4 | 9y ago | IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Sametime away message altering the intended functionality p… | |||
| CVE-2016-2979 | medium | 5.4 | 5.4 | 9y ago | IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functional… | |||
| CVE-2016-2973 | medium | 5.4 | 5.4 | 9y ago | IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functional… | |||
| CVE-2016-9732 | medium | 5.4 | 5.4 | 9y ago | IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the int… | |||
| CVE-2016-6021 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering t… | |||
| CVE-2016-8949 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-craf… | |||
| CVE-2016-6121 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the … | |||
| CVE-2016-9718 | medium | 5.4 | 5.4 | 9y ago | IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the We… | |||
| CVE-2016-9715 | medium | 5.4 | 5.4 | 9y ago | IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI t… | |||
| CVE-2016-8975 | medium | 5.4 | 5.4 | 9y ago | IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall… | |||
| CVE-2016-6118 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended … | |||
| CVE-2016-7509 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket. | |||
| CVE-2016-8952 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu… | |||
| CVE-2016-6019 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Strategic Supply Management Platform 10.0.0.x through 10.1.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu… | |||
| CVE-2016-8953 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a re… | |||
| CVE-2016-8950 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… | |||
| CVE-2016-8948 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… | |||
| CVE-2016-8946 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… | |||
| CVE-2016-6114 | medium | 5.4 | 5.4 | 9y ago | IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… | |||
| CVE-2016-9989 | medium | 5.4 | 5.4 | 9y ago | IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… | |||
| CVE-2016-9988 | medium | 5.4 | 5.4 | 9y ago | IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… | |||
| CVE-2016-9987 | medium | 5.4 | 5.4 | 9y ago | IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… | |||
| CVE-2016-9986 | medium | 5.4 | 5.4 | 9y ago | IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the inten… | |||
| CVE-2016-9746 | medium | 5.4 | 5.4 | 9y ago | IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… | |||
| CVE-2016-9733 | medium | 5.4 | 5.4 | 9y ago | IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionalit… | |||
| CVE-2016-9701 | medium | 5.4 | 5.4 | 9y ago | IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote… | |||
| CVE-2016-9747 | medium | 5.4 | 5.4 | 9y ago | IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … | |||
| CVE-2016-9973 | medium | 5.4 | 5.4 | 9y ago | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin… | |||
| CVE-2016-7469 | medium | 5.4 | 5.4 | 9y ago | A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM,… | |||
| CVE-2016-4883 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-4880 | medium | 5.4 | 5.4 | 9y ago | baserCMS Cross-site Scripting vulnerability | |||
| CVE-2016-4877 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-6035 | medium | 5.4 | 5.4 | 9y ago | IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential… | |||
| CVE-2016-5888 | medium | 5.4 | 5.4 | 9y ago | IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality p… | |||
| CVE-2016-3032 | medium | 5.4 | 5.4 | 9y ago | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … | |||
| CVE-2016-6519 | medium | 5.4 | 5.4 | 9y ago | Openstack Manila Persistent XSS in Metadata field | |||
| CVE-2016-9980 | medium | 5.4 | 5.4 | 9y ago | IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2016-9979 | medium | 5.4 | 5.4 | 9y ago | IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2016-3038 | medium | 5.4 | 5.4 | 9y ago | IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential… | |||
| CVE-2016-0228 | medium | 5.4 | 5.4 | 9y ago | IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to red… | |||
| CVE-2016-4870 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. | |||
| CVE-2016-4888 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-8927 | medium | 5.4 | 5.4 | 9y ago | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering… | |||
| CVE-2016-5642 | medium | 5.4 | 5.4 | 9y ago | Opmantek NMIS before 8.5.12G has XSS via SNMP. | |||
| CVE-2016-4317 | medium | 5.4 | 5.4 | 9y ago | Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. | |||
| CVE-2016-3031 | medium | 5.4 | 5.4 | 9y ago | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … | |||
| CVE-2016-3015 | medium | 5.4 | 5.4 | 9y ago | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … | |||
| CVE-2016-8935 | medium | 5.4 | 5.4 | 9y ago | IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alt… | |||
| CVE-2016-6036 | medium | 5.4 | 5.4 | 9y ago | IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2016-6031 | medium | 5.4 | 5.4 | 9y ago | IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func… | |||
| CVE-2016-6022 | medium | 5.4 | 5.4 | 9y ago | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… | |||
| CVE-2016-9472 | medium | 5.4 | 5.4 | 9y ago | Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other param… | |||
| CVE-2016-9465 | medium | 5.4 | 5.4 | 9y ago | Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud all… | |||
| CVE-2016-9457 | medium | 5.4 | 5.4 | 9y ago | Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed… | |||
| CVE-2016-9454 | medium | 5.4 | 5.4 | 9y ago | Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image … | |||
| CVE-2016-9130 | medium | 5.4 | 5.4 | 9y ago | Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name … | |||
| CVE-2016-9128 | medium | 5.4 | 5.4 | 9y ago | Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to stea… |