CVEs from 2016
Total
8,453
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5833 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web scri… | |||
| CVE-2016-0229 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 8.6.x and 9.x before 9.1.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2016-4513 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Schneider Electric PowerLogic PM8ECC module before 2.651 for PowerMeter 800 devices allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2016-4827 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a d… | |||
| CVE-2016-4826 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a d… | |||
| CVE-2016-1439 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a cr… | |||
| CVE-2016-1226 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1197 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2… | |||
| CVE-2016-1396 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices w… | |||
| CVE-2016-1224 | medium | 6.1 | 6.1 | 10y ago | CRLF injection vulnerability in Trend Micro Worry-Free Business Security Service 5.x and Worry-Free Business Security 9.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-si… | |||
| CVE-2016-1431 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, … | |||
| CVE-2016-5433 | medium | 6.1 | 6.1 | 10y ago | Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. | |||
| CVE-2016-4164 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-4159 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspe… | |||
| CVE-2016-3212 | medium | 6.1 | 6.1 | 10y ago | The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafte… | |||
| CVE-2016-2833 | medium | 6.1 | 6.1 | 10y ago | Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) directives for cross-domain Java applets, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks vi… | |||
| CVE-2016-4363 | medium | 6.1 | 6.1 | 10y ago | HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors. | |||
| CVE-2016-2078 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject ar… | |||
| CVE-2016-1682 | medium | 6.1 | 6.1 | 10y ago | The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote… | |||
| CVE-2016-1230 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1222 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. | |||
| CVE-2016-4812 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Markdown on Save Improved plugin before 2.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1211 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-4945 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2016-4789 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, a… | |||
| CVE-2016-4575 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 befo… | |||
| CVE-2016-4783 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universa… | |||
| CVE-2016-2153 | medium | 6.1 | 6.1 | 10y ago | Moodle Reflected XSS in mod_data advanced search | |||
| CVE-2016-2152 | medium | 6.1 | 6.1 | 10y ago | Moodle XSS from profile fields from external db | |||
| CVE-2016-4567 | medium | 6.1 | 6.1 | 10y ago | MediaElement Vulnerable to Reflected XSS | |||
| CVE-2016-4566 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-O… | |||
| CVE-2016-1564 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name… | |||
| CVE-2016-1401 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML vi… | |||
| CVE-2016-1807 | medium | 5.1 | 6.1 | 10y ago | Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows local users to obtain sensitive information from kernel … | |||
| CVE-2016-1236 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or H… | |||
| CVE-2016-1113 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspe… | |||
| CVE-2016-4561 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in… | |||
| CVE-2016-2350 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified inp… | |||
| CVE-2016-0901 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulne… | |||
| CVE-2016-0900 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulne… | |||
| CVE-2016-0892 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1205 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_ addition_plugin plugin 1.0 and (2) itemdetail_freearea_ addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to… | |||
| CVE-2016-3126 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted … | |||
| CVE-2016-1918 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted … | |||
| CVE-2016-1917 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted … | |||
| CVE-2016-1036 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2016-2305 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2016-3463 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors rela… | |||
| CVE-2016-3416 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality and integrity via ve… | |||
| CVE-2016-0700 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors re… | |||
| CVE-2016-0675 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors re… | |||
| CVE-2016-0672 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via v… | |||
| CVE-2016-0640 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users… | |||
| CVE-2016-0479 | medium | 6.1 | 6.1 | 10y ago | Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confide… | |||
| CVE-2016-1652 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allow… | |||
| CVE-2016-2423 | medium | 6.1 | 6.1 | 10y ago | server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned… | |||
| CVE-2016-2421 | medium | 6.1 | 6.1 | 10y ago | Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified … | |||
| CVE-2016-4016 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) 15 allows remote attackers to inject arbitrary web script or HTML via the title par… | |||
| CVE-2016-3079 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems… | |||
| CVE-2016-2103 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the list_1680466951_oldfilterval parameter to systems/… | |||
| CVE-2016-2228 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in horde/templates/topbar/_menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inje… | |||
| CVE-2016-1377 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. | |||
| CVE-2016-4003 | medium | 6.1 | 6.1 | 10y ago | Cross-site Scripting in Apache Struts | |||
| CVE-2016-2162 | medium | 6.1 | 6.1 | 10y ago | Apache Struts XSS Vulnerability | |||
| CVE-2016-2163 | medium | 6.1 | 6.1 | 10y ago | Apache OpenMeetings Cross-site Scripting vulnerability | |||
| CVE-2016-0712 | medium | 6.1 | 6.1 | 10y ago | Cross-site Scripting in Apache Jetspeed | |||
| CVE-2016-0711 | medium | 6.1 | 6.1 | 10y ago | Apache Jetspeed vulnerable to Cross-site Scripting | |||
| CVE-2016-3984 | medium | 5.1 | 6.1 | 10y ago | The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response (MAR) before 1.1.0.161, Agent (MA) 5.x before 5.0.2 Hotfix 1110392 (5.0.2.333), Data Exchange Layer 2.x (DXL) before 2.0.1.140.1,… | |||
| CVE-2016-1375 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSC… | |||
| CVE-2016-1180 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 for EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified ve… | |||
| CVE-2016-3978 | medium | 6.1 | 6.1 | 10y ago | The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x before 5.2.3, and 5.4.x before 5.4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks… | |||
| CVE-2016-2789 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbi… | |||
| CVE-2016-0789 | medium | 6.1 | 6.1 | 10y ago | Jenkins has CRLF Injection Vulnerability in the CLI | |||
| CVE-2016-2511 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php. | |||
| CVE-2016-3975 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/… | |||
| CVE-2016-0734 | medium | 6.1 | 6.1 | 10y ago | Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ | |||
| CVE-2016-1173 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1171 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1169 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-3969 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) 7.6.x before 7.6.404, when File Filtering is enabled with the action set to ESERVICES:REPLACE, allows remote attackers to inject… | |||
| CVE-2016-3968 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35i… | |||
| CVE-2016-1177 | medium | 6.1 | 6.1 | 10y ago | The management screen in Falcon WisePoint 4.3.1 and earlier and WisePoint Authenticator 4.1.19.22 and earlier allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||
| CVE-2016-1314 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bu… | |||
| CVE-2016-1160 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-1599 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in NetIQ Self Service Password Reset (SSPR) 2.x and 3.x before 3.3.1 HF2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2016-0283 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to … | |||
| CVE-2016-2287 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-0832 | medium | 6.1 | 6.1 | 10y ago | Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified… | |||
| CVE-2016-1355 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2016-1354 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data,… | |||
| CVE-2016-2560 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML… | |||
| CVE-2016-0244 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.… | |||
| CVE-2016-0243 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.… | |||
| CVE-2016-1157 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-0725 | medium | 6.1 | 6.1 | 10y ago | Moodle Cross-site scripting (XSS) vulnerability in course management search | |||
| CVE-2016-2072 | medium | 6.1 | 6.1 | 10y ago | The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.130… | |||
| CVE-2016-2046 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||
| CVE-2016-1150 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… | |||
| CVE-2016-1149 | medium | 6.1 | 6.1 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C… | |||
| CVE-2016-2387 | medium | 6.1 | 6.1 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy Runtime ProxyServer servlet in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) ns or … |