CVEs from 2016
Total
8,452
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1000143 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin photoxhibit v2.1.8 | |||
| CVE-2016-1000142 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin parsi-font v4.2.5 | |||
| CVE-2016-1000141 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin page-layout-builder v1.9.3 | |||
| CVE-2016-1000140 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin new-year-firework v1.1.9 | |||
| CVE-2016-1000139 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin infusionsoft v1.5.11 | |||
| CVE-2016-1000138 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin indexisto v1.0.5 | |||
| CVE-2016-1000137 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin hero-maps-pro v2.1.0 | |||
| CVE-2016-1000136 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin heat-trackr v1.0 | |||
| CVE-2016-1000135 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin hdw-tube v1.2 | |||
| CVE-2016-1000134 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin hdw-tube v1.2 | |||
| CVE-2016-1000133 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1 | |||
| CVE-2016-1000132 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 | |||
| CVE-2016-1000131 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin e-search v1.0 | |||
| CVE-2016-1000130 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin e-search v1.0 | |||
| CVE-2016-1000129 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin defa-online-image-protector v3.3 | |||
| CVE-2016-1000128 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin anti-plagiarism v3.60 | |||
| CVE-2016-1000127 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin ajax-random-post v2.00 | |||
| CVE-2016-1000126 | medium | 6.1 | 6.1 | 10y ago | Reflected XSS in wordpress plugin admin-font-editor v1.8 | |||
| CVE-2016-5325 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject… | |||
| CVE-2016-1000007 | medium | 6.1 | 6.1 | 10y ago | Pagure 2.2.1 XSS in raw file endpoint | |||
| CVE-2016-1000114 | medium | 6.1 | 6.1 | 10y ago | XSS in huge IT gallery v1.1.5 for Joomla | |||
| CVE-2016-6436 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-6425 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers t… | |||
| CVE-2016-6027 | medium | 6.1 | 6.1 | 10y ago | The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remot… | |||
| CVE-2016-6418 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted… | |||
| CVE-2016-7571 | medium | 6.1 | 6.1 | 10y ago | Drupal Cross-site scripting (XSS) vulnerability | |||
| CVE-2016-5061 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) g… | |||
| CVE-2016-6840 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName … | |||
| CVE-2016-4993 | medium | 6.1 | 6.1 | 10y ago | Improper Neutralization of CRLF Sequences in Wildfly Undertow | |||
| CVE-2016-4618 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Unive… | |||
| CVE-2016-6158 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei WS331a routers with software before WS331a-10 V100R001C01B112 allow remote attackers to hijack the authentication of administrator… | |||
| CVE-2016-4969 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statisti… | |||
| CVE-2016-6404 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a… | |||
| CVE-2016-6643 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-6642 | medium | 6.1 | 6.1 | 10y ago | Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to hijack the authentication of administrators for requests that upload files. | |||
| CVE-2016-0927 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-0926 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or … | |||
| CVE-2016-3379 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, a… | |||
| CVE-2016-5165 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attack… | |||
| CVE-2016-5164 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Li… | |||
| CVE-2016-5148 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web s… | |||
| CVE-2016-5147 | medium | 6.1 | 6.1 | 10y ago | Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-6839 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||
| CVE-2016-7033 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified ve… | |||
| CVE-2016-5699 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP… | |||
| CVE-2016-4851 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-4848 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1471 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-0293 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2016-5721 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-7103 | medium | 6.1 | 6.1 | 10y ago | jQuery-UI vulnerable to Cross-site Scripting in dialog closeText | |||
| CVE-2016-5663 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (… | |||
| CVE-2016-6365 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspec… | |||
| CVE-2016-6359 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script … | |||
| CVE-2016-1485 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497. | |||
| CVE-2016-6319 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary we… | |||
| CVE-2016-3195 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attac… | |||
| CVE-2016-3194 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows … | |||
| CVE-2016-3089 | medium | 6.1 | 6.1 | 10y ago | Apache OpenMeetings Cross-site Scripting vulnerability | |||
| CVE-2016-6316 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or… | |||
| CVE-2016-4170 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-4168 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-5331 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified v… | |||
| CVE-2016-6634 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-3097 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data. | |||
| CVE-2016-3080 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters,… | |||
| CVE-2016-5262 | medium | 6.1 | 6.1 | 10y ago | Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" … | |||
| CVE-2016-4833 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1462 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Prime Service Catalog (PSC) 11.0 allows remote attackers to inject arbitrary web script or HTML via a crafted v… | |||
| CVE-2016-6204 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted U… | |||
| CVE-2016-4651 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a craft… | |||
| CVE-2016-4585 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary we… | |||
| CVE-2016-3589 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Applications 12.0.1, 12.0.2, and 12.0.3 allows remote attackers to affect confidentiality and in… | |||
| CVE-2016-3573 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect con… | |||
| CVE-2016-3571 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect con… | |||
| CVE-2016-3570 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect con… | |||
| CVE-2016-3569 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect con… | |||
| CVE-2016-3568 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect con… | |||
| CVE-2016-3566 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect con… | |||
| CVE-2016-3557 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related t… | |||
| CVE-2016-3555 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related t… | |||
| CVE-2016-3519 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related t… | |||
| CVE-2016-3478 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vec… | |||
| CVE-2016-3448 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2016-5660 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid paramet… | |||
| CVE-2016-1451 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary… | |||
| CVE-2016-1449 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711. | |||
| CVE-2016-1447 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka … | |||
| CVE-2016-4508 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-5099 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 allows remote attackers to inject arbitrary web script or HTML via special characters that are mish… | |||
| CVE-2016-2862 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 before 7.0.0.9 cumulative iFix 3, and 8.0 before 8.0.0.5 allows remote attackers to inject arbitrary web s… | |||
| CVE-2016-0359 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 Full before 8.5.5.10, and 8.5 Liberty before Liberty Fix Pack 16.0.0.2 allows remo… | |||
| CVE-2016-5733 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2016-5732 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templates/table/structure/display_partitions.phtml in the table-structure page in phpMyAdmin 4.6.x before … | |||
| CVE-2016-5731 | medium | 6.1 | 6.1 | 10y ago | phpMyAdmin Cross-site scripting (XSS) vulnerability | |||
| CVE-2016-5705 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) … | |||
| CVE-2016-5704 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving a comment. | |||
| CVE-2016-5701 | medium | 6.1 | 6.1 | 10y ago | phpMyAdmin vulnerable to Cross-site Scripting | |||
| CVE-2016-2081 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-5834 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HT… |