CVEs from 2016

- Total: 8,454
- Critical: 1,164
- High: 3,521
- Medium: 3,173
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%

Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9152 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in SPIP 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the rac parameter. | |||
| CVE-2016-9751 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the search results front end in Piwigo 2.8.3 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||
| CVE-2016-3057 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote attackers to inject arbitrary web script or HTML via unspecifie… | |||
| CVE-2016-2934 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-6472 | medium | 6.1 | 6.1 | 10y ago | A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) at… | |||
| CVE-2016-7146 | medium | 6.1 | 6.1 | 10y ago | MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the ac… | |||
| CVE-2016-7251 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vuln… | |||
| CVE-2016-7223 | medium | 6.1 | 6.1 | 10y ago | Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files… | |||
| CVE-2016-9188 | medium | 6.1 | 6.1 | 10y ago | Moodle XSS Vulnerability | |||
| CVE-2016-6451 | medium | 6.1 | 6.1 | 10y ago | Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against… | |||
| CVE-2016-6429 | medium | 6.1 | 6.1 | 10y ago | A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) att… | |||
| CVE-2016-8583 | medium | 6.1 | 6.1 | 10y ago | Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS. | |||
| CVE-2016-1423 | medium | 6.1 | 6.1 | 10y ago | A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to … | |||
| CVE-2016-1592 | medium | 6.1 | 6.1 | 10y ago | XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. | |||
| CVE-2016-8506 | medium | 6.1 | 6.1 | 10y ago | XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code. | |||
| CVE-2016-8505 | medium | 6.1 | 6.1 | 10y ago | XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code. | |||
| CVE-2016-5622 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote attacker… | |||
| CVE-2016-5606 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Kernel Zones. | |||
| CVE-2016-5543 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component in Oracle Financial Services Applications 12.0.0 and 12.1.0 allows remote attackers to affect co… | |||
| CVE-2016-5530 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors re… | |||
| CVE-2016-5529 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors re… | |||
| CVE-2016-5512 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, … | |||
| CVE-2016-0246 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web scrip… | |||
| CVE-2016-8658 | medium | 6.1 | 6.1 | 10y ago | Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.7.5 allows local users to cause a denia… | |||
| CVE-2016-1000155 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin wpsolr-search-engine v7.6 | |||
| CVE-2016-1000154 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin whizz v1.0.7 | |||
| CVE-2016-1000153 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin tidio-gallery v1.1 | |||
| CVE-2016-1000152 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin tidio-form v1.0 | |||
| CVE-2016-1000151 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin tera-charts v1.0 | |||
| CVE-2016-1000150 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin simplified-content v1.0.0 | |||
| CVE-2016-1000149 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin simpel-reserveren v3.5.2 | |||
| CVE-2016-1000148 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin s3-video v0.983 | |||
| CVE-2016-1000147 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin recipes-writer v1.0.4 | |||
| CVE-2016-1000146 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin pondol-formmail v1.1 | |||
| CVE-2016-1000145 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin pondol-carousel v1.0 | |||
| CVE-2016-1000144 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin photoxhibit v2.1.8 | |||
| CVE-2016-1000143 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin photoxhibit v2.1.8 | |||
| CVE-2016-1000142 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin parsi-font v4.2.5 | |||
| CVE-2016-1000141 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin page-layout-builder v1.9.3 | |||
| CVE-2016-1000140 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin new-year-firework v1.1.9 | |||
| CVE-2016-1000139 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin infusionsoft v1.5.11 | |||
| CVE-2016-1000138 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin indexisto v1.0.5 | |||
| CVE-2016-1000137 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin hero-maps-pro v2.1.0 | |||
| CVE-2016-1000136 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin heat-trackr v1.0 | |||
| CVE-2016-1000135 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin hdw-tube v1.2 | |||
| CVE-2016-1000134 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin hdw-tube v1.2 | |||
| CVE-2016-1000133 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 | |||
| CVE-2016-1000132 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 | |||
| CVE-2016-1000131 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin e-search v1.0 | |||
| CVE-2016-1000130 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin e-search v1.0 | |||
| CVE-2016-1000129 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin defa-online-image-protector v3.3 | |||
| CVE-2016-1000128 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin anti-plagiarism v3.60 | |||
| CVE-2016-1000127 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin ajax-random-post v2.00 | |||
| CVE-2016-1000126 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin admin-font-editor v1.8 | |||
| CVE-2016-5325 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject… | |||
| CVE-2016-1000007 | medium | 6.1 | 6.1 | 10y ago | Pagure 2.2.1 XSS in raw file endpoint | |||
| CVE-2016-1000114 | medium | 6.1 | 6.1 | 10y ago | XSS in huge IT gallery v1.1.5 for Joomla | |||
| CVE-2016-6436 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-6425 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers t… | |||
| CVE-2016-6027 | medium | 6.1 | 6.1 | 10y ago | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remot… | |||
| CVE-2016-6418 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted… | |||
| CVE-2016-7571 | medium | 6.1 | 6.1 | 10y ago | Drupal Cross-site scripting (XSS) vulnerability | |||
| CVE-2016-5061 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) g… | |||
| CVE-2016-6840 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName … | |||
| CVE-2016-4993 | medium | 6.1 | 6.1 | 10y ago | Improper Neutralization of CRLF Sequences in Wildfly Undertow | |||
| CVE-2016-4618 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Unive… | |||
| CVE-2016-6158 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrator… | |||
| CVE-2016-4969 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statisti… | |||
| CVE-2016-6404 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a… | |||
| CVE-2016-6643 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-6642 | medium | 6.1 | 6.1 | 10y ago | Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. | |||
| CVE-2016-0927 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-0926 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or … | |||
| CVE-2016-3379 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, a… | |||
| CVE-2016-5165 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attack… | |||
| CVE-2016-5164 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Li… | |||
| CVE-2016-5148 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web s… | |||
| CVE-2016-5147 | medium | 6.1 | 6.1 | 10y ago | Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-6839 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||
| CVE-2016-7033 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified ve… | |||
| CVE-2016-5699 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP… | |||
| CVE-2016-4851 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-4848 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1471 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-0293 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2016-5721 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-7103 | medium | 6.1 | 6.1 | 10y ago | jQuery-UI vulnerable to Cross-site Scripting in dialog closeText | |||
| CVE-2016-5663 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (… | |||
| CVE-2016-6365 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspec… | |||
| CVE-2016-6359 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-1485 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497. | |||
| CVE-2016-6319 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary we… | |||
| CVE-2016-3195 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attac… | |||
| CVE-2016-3194 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows … | |||
| CVE-2016-3089 | medium | 6.1 | 6.1 | 10y ago | Apache OpenMeetings Cross-site Scripting vulnerability | |||
| CVE-2016-6316 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or… | |||
| CVE-2016-4170 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-4168 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-5331 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified v… | |||
| CVE-2016-6634 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |