CVEs from 2016
Total
8,453
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3113 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. | |||
| CVE-2016-10404 | medium | 6.1 | 6.1 | 9y ago | Liferay Portal Vulnerable to XSS via a Crafted Redirect Field | |||
| CVE-2016-6133 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus para… | |||
| CVE-2016-5394 | medium | 6.1 | 6.1 | 9y ago | Cross site scripting in Apache Sling | |||
| CVE-2016-8947 | medium | 6.1 | 6.1 | 9y ago | IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a re… | |||
| CVE-2016-6201 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Ektron Content Management System (CMS) before 9.1.0.184 SP3 (9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the ContTy… | |||
| CVE-2016-6127 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x before 4.4.2, when the AlwaysDownloadAttachments config setting is not in use, allow… | |||
| CVE-2016-10366 | medium | 6.1 | 6.1 | 9y ago | Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack. | |||
| CVE-2016-10365 | medium | 6.1 | 6.1 | 9y ago | Kibana versions before 4.6.3 and 5.0.1 have an open redirect vulnerability that would enable an attacker to craft a link in the Kibana domain that redirects to an arbitrary website. | |||
| CVE-2016-1000220 | medium | 6.1 | 6.1 | 9y ago | Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. | |||
| CVE-2016-7831 | medium | 6.1 | 6.1 | 9y ago | Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for Mac 4.5.3 and earlier (Mac App Store) may allow a remote attacker to spoof the URL display via a specially crafted webpage. | |||
| CVE-2016-7817 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-7813 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username. | |||
| CVE-2016-7808 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-4906 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai. | |||
| CVE-2016-0781 | medium | 6.1 | 6.1 | 9y ago | The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions p… | |||
| CVE-2016-4903 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified v… | |||
| CVE-2016-4859 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk… | |||
| CVE-2016-4857 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.11 and Splunk Light prior to 6.4.2 allows to redire… | |||
| CVE-2016-4855 | medium | 6.1 | 6.1 | 9y ago | ADOdb Cross-site scripting vulnerability in old test script | |||
| CVE-2016-9099 | medium | 6.1 | 6.1 | 9y ago | Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability… | |||
| CVE-2016-9257 | medium | 6.1 | 6.1 | 9y ago | In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when … | |||
| CVE-2016-0255 | medium | 6.1 | 6.1 | 9y ago | IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject ma… | |||
| CVE-2016-10368 | medium | 6.1 | 6.1 | 9y ago | Open redirect vulnerability in Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch) allows remote attackers … | |||
| CVE-2016-7841 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Olive Diary DX allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||
| CVE-2016-7840 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter. | |||
| CVE-2016-7839 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Olive Blog allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||
| CVE-2016-4075 | medium | 6.1 | 6.1 | 9y ago | Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL. | |||
| CVE-2016-1217 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. | |||
| CVE-2016-1216 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. | |||
| CVE-2016-1215 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. | |||
| CVE-2016-1214 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the "Response request" function in Cybozu Garoon before 4.2.2. | |||
| CVE-2016-1213 | medium | 6.1 | 6.1 | 9y ago | The "Scheduler" function in Cybozu Garoon before 4.2.2 allows remote attackers to redirect users to arbitrary websites. | |||
| CVE-2016-6347 | medium | 6.1 | 6.1 | 9y ago | Improper Neutralization of Input During Web Page Generation in RESTEasy | |||
| CVE-2016-6334 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the Parser::replaceInternalLinks2 method in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbi… | |||
| CVE-2016-6333 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrar… | |||
| CVE-2016-5761 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allows remote attackers to inject arbitrary web script or HTML via a crafted email. | |||
| CVE-2016-5760 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch 1 allow remote attackers to inject arbitrary web script or… | |||
| CVE-2016-4849 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in… | |||
| CVE-2016-4847 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC Web UI before 0.9 allows remote attackers to inject arbitrary web script or HTML by leveraging an unanchored regex. | |||
| CVE-2016-4875 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 fo… | |||
| CVE-2016-4068 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnera… | |||
| CVE-2016-2104 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the p… | |||
| CVE-2016-6348 | medium | 6.1 | 6.1 | 9y ago | JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack | |||
| CVE-2016-4897 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690. | |||
| CVE-2016-4892 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in SetsucoCMS all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-2803 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML. | |||
| CVE-2016-1179 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2016-8719 | medium | 6.1 | 6.1 | 9y ago | An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multi… | |||
| CVE-2016-5682 | medium | 6.1 | 6.1 | 9y ago | Cross-Site Scripting in swagger-ui | |||
| CVE-2016-5078 | medium | 6.1 | 6.1 | 9y ago | Paessler PRTG before 16.2.24.4045 has XSS via SNMP. | |||
| CVE-2016-5077 | medium | 6.1 | 6.1 | 9y ago | Netikus EventSentry before 3.2.1.44 has XSS via SNMP. | |||
| CVE-2016-5075 | medium | 6.1 | 6.1 | 9y ago | CloudView NMS before 2.10a has XSS via a TELNET login. | |||
| CVE-2016-5073 | medium | 6.1 | 6.1 | 9y ago | CloudView NMS before 2.10a has XSS via SNMP. | |||
| CVE-2016-5055 | medium | 6.1 | 6.1 | 9y ago | OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Client Mode configuration page. | |||
| CVE-2016-4334 | medium | 6.1 | 6.1 | 9y ago | Jive before 2016.3.1 has an open redirect from the external-link.jspa page. | |||
| CVE-2016-1000307 | medium | 6.1 | 6.1 | 9y ago | Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occu… | |||
| CVE-2016-10316 | medium | 6.1 | 6.1 | 9y ago | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to condu… | |||
| CVE-2016-10315 | medium | 6.1 | 6.1 | 9y ago | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to condu… | |||
| CVE-2016-8789 | medium | 6.1 | 6.1 | 9y ago | Huawei eSpace Integrated Access Device (IAD) with software V300R001C03, V300R001C04, V300R001C06, V300R001C20, and V300R001C07 allows an attacker to trick a user into clicking a URL containing malici… | |||
| CVE-2016-9990 | medium | 6.1 | 6.1 | 9y ago | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… | |||
| CVE-2016-6209 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Nagios. | |||
| CVE-2016-6846 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 befor… | |||
| CVE-2016-9466 | medium | 6.1 | 6.1 | 9y ago | Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the N… | |||
| CVE-2016-9459 | medium | 6.1 | 6.1 | 9y ago | Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is… | |||
| CVE-2016-9169 | medium | 6.1 | 6.1 | 9y ago | A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScr… | |||
| CVE-2016-5756 | medium | 6.1 | 6.1 | 9y ago | Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack us… | |||
| CVE-2016-5751 | medium | 6.1 | 6.1 | 9y ago | An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentica… | |||
| CVE-2016-4930 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions. | |||
| CVE-2016-0770 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web scr… | |||
| CVE-2016-8011 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security (ENS) Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site. | |||
| CVE-2016-9723 | medium | 6.1 | 6.1 | 9y ago | IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to … | |||
| CVE-2016-9693 | medium | 6.1 | 6.1 | 9y ago | IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download capability that is vulnerable to a set of attacks. Ultimately, an attacker can cause an unauthenticated victim to download a malicio… | |||
| CVE-2016-7140 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web… | |||
| CVE-2016-7139 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web sc… | |||
| CVE-2016-7138 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web… | |||
| CVE-2016-4948 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a t… | |||
| CVE-2016-4946 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in th… | |||
| CVE-2016-9148 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM para… | |||
| CVE-2016-10203 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor. | |||
| CVE-2016-10202 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php. | |||
| CVE-2016-10201 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php. | |||
| CVE-2016-8232 | medium | 6.1 | 6.1 | 9y ago | Document Object Model-(DOM) based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows a… | |||
| CVE-2016-5883 | medium | 6.1 | 6.1 | 9y ago | IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea… | |||
| CVE-2016-9910 | medium | 6.1 | 6.1 | 9y ago | The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a differen… | |||
| CVE-2016-9909 | medium | 6.1 | 6.1 | 9y ago | The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values. | |||
| CVE-2016-7762 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "WebKit" component, which allows XSS attacks against Safari. | |||
| CVE-2016-6191 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Desc… | |||
| CVE-2016-5364 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and earlier allows remote attackers to inject arbitrary web script or HTML via the return parameter. | |||
| CVE-2016-9139 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-4327 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH… | |||
| CVE-2016-6062 | medium | 6.1 | 6.1 | 9y ago | IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality … | |||
| CVE-2016-9010 | medium | 6.1 | 6.1 | 9y ago | IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could expl… | |||
| CVE-2016-9371 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Moxa NPort 5110 versions prior to 2.6, NPort 5130/5150 Series versions prior to 3.6, NPort 5200 Series versions prior to 2.8, NPort 5400 Series versions prior to 3.11, NPor… | |||
| CVE-2016-8376 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0. This non-validated redirect/non-validated forward (OPEN REDIRECT) allows chaining with authenticated vul… | |||
| CVE-2016-8359 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware… | |||
| CVE-2016-5811 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. User controlled input is not neutralized prior to being placed in web page output (CROSS-SITE SCRIP… | |||
| CVE-2016-2274 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base Station. The Web Interface does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the out… | |||
| CVE-2016-10216 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-… | |||
| CVE-2016-10215 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a… |