CVEs from 2016
Total
8,452
critical
critical 1,165
high
high 3,521
medium
medium 3,172
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-9980 | medium | 5.4 | 5.4 | 9y ago | IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2016-9979 | medium | 5.4 | 5.4 | 9y ago | IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2016-3038 | medium | 5.4 | 5.4 | 9y ago | IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential… | |||
| CVE-2016-0228 | medium | 5.4 | 5.4 | 9y ago | IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to red… | |||
| CVE-2016-4870 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the Schedule function. | |||
| CVE-2016-4888 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-8927 | medium | 5.4 | 5.4 | 9y ago | IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering… | |||
| CVE-2016-5642 | medium | 5.4 | 5.4 | 9y ago | Opmantek NMIS before 8.5.12G has XSS via SNMP. | |||
| CVE-2016-4317 | medium | 5.4 | 5.4 | 9y ago | Atlassian Confluence Server before 5.9.11 has XSS on the viewmyprofile.action page. | |||
| CVE-2016-3031 | medium | 5.4 | 5.4 | 9y ago | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … | |||
| CVE-2016-3015 | medium | 5.4 | 5.4 | 9y ago | IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially … | |||
| CVE-2016-8935 | medium | 5.4 | 5.4 | 9y ago | IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alt… | |||
| CVE-2016-6036 | medium | 5.4 | 5.4 | 9y ago | IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende… | |||
| CVE-2016-6031 | medium | 5.4 | 5.4 | 9y ago | IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended func… | |||
| CVE-2016-6022 | medium | 5.4 | 5.4 | 9y ago | IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… | |||
| CVE-2016-9472 | medium | 5.4 | 5.4 | 9y ago | Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other param… | |||
| CVE-2016-9465 | medium | 5.4 | 5.4 | 9y ago | Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Stored XSS in CardDAV image export. The CardDAV image export functionality as implemented in Nextcloud/ownCloud all… | |||
| CVE-2016-9457 | medium | 5.4 | 5.4 | 9y ago | Revive Adserver before 3.2.3 suffers from Reflected XSS. `www/admin/stats.php` is vulnerable to reflected XSS attacks via multiple parameters that are not properly sanitised or escaped when displayed… | |||
| CVE-2016-9454 | medium | 5.4 | 5.4 | 9y ago | Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The banner image … | |||
| CVE-2016-9130 | medium | 5.4 | 5.4 | 9y ago | Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for persistent XSS attacks via the Revive Adserver user interface exists, requiring a trusted (non-admin) account. The website name … | |||
| CVE-2016-9128 | medium | 5.4 | 5.4 | 9y ago | Revive Adserver before 3.2.3 suffers from reflected XSS. The affiliate-preview.php script in www/admin is vulnerable to a reflected XSS attack. This vulnerability could be used by an attacker to stea… | |||
| CVE-2016-9126 | medium | 5.4 | 5.4 | 9y ago | Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are not properly escaped when displayed in the audit trail widget of the dashboard upon login, allowing persistent XSS attacks. An … | |||
| CVE-2016-9737 | medium | 5.4 | 5.4 | 9y ago | IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentia… | |||
| CVE-2016-6056 | medium | 5.4 | 5.4 | 9y ago | IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionali… | |||
| CVE-2016-9696 | medium | 5.4 | 5.4 | 9y ago | IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the secu… | |||
| CVE-2016-9694 | medium | 5.4 | 5.4 | 9y ago | IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pote… | |||
| CVE-2016-9006 | medium | 5.4 | 5.4 | 9y ago | IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | |||
| CVE-2016-5932 | medium | 5.4 | 5.4 | 9y ago | IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality… | |||
| CVE-2016-9261 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Tenable Log Correlation Engine (aka LCE) before 4.8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-9259 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-6055 | medium | 5.4 | 5.4 | 9y ago | IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2016-8968 | medium | 5.4 | 5.4 | 9y ago | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin… | |||
| CVE-2016-10223 | medium | 5.4 | 5.4 | 9y ago | An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dash… | |||
| CVE-2016-3101 | medium | 5.4 | 5.4 | 9y ago | Jenkins Extra Columns Plugin allows Cross-Site Scripting (XSS) | |||
| CVE-2016-0310 | medium | 5.4 | 5.4 | 9y ago | IBM Connections 5.5 and earlier is vulnerable to possible host header injection attack that could cause navigation to the attacker's domain. | |||
| CVE-2016-0305 | medium | 5.4 | 5.4 | 9y ago | IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execut… | |||
| CVE-2016-6032 | medium | 5.4 | 5.4 | 9y ago | IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… | |||
| CVE-2016-1566 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to i… | |||
| CVE-2016-8999 | medium | 5.4 | 5.4 | 10y ago | IBM InfoSphere Information Server contains a Path-relative stylesheet import vulnerability that allows attackers to render a page in quirks mode thereby facilitating an attacker to inject malicious C… | |||
| CVE-2016-8929 | medium | 5.4 | 5.4 | 10y ago | IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the… | |||
| CVE-2016-5942 | medium | 5.4 | 5.4 | 10y ago | IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le… | |||
| CVE-2016-5940 | medium | 5.4 | 5.4 | 10y ago | IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially le… | |||
| CVE-2016-2992 | medium | 5.4 | 5.4 | 10y ago | IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially… | |||
| CVE-2016-2924 | medium | 5.4 | 5.4 | 10y ago | IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted UR… | |||
| CVE-2016-0218 | medium | 5.4 | 5.4 | 10y ago | IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerabi… | |||
| CVE-2016-0217 | medium | 5.4 | 5.4 | 10y ago | IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vul… | |||
| CVE-2016-9731 | medium | 5.4 | 5.4 | 10y ago | IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential… | |||
| CVE-2016-8943 | medium | 5.4 | 5.4 | 10y ago | IBM Tivoli Storage Productivity Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality… | |||
| CVE-2016-8934 | medium | 5.4 | 5.4 | 10y ago | IBM WebSphere Application Server is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | |||
| CVE-2016-8920 | medium | 5.4 | 5.4 | 10y ago | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct… | |||
| CVE-2016-8911 | medium | 5.4 | 5.4 | 10y ago | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could… | |||
| CVE-2016-6125 | medium | 5.4 | 5.4 | 10y ago | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct… | |||
| CVE-2016-6123 | medium | 5.4 | 5.4 | 10y ago | IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended funct… | |||
| CVE-2016-6072 | medium | 5.4 | 5.4 | 10y ago | IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall… | |||
| CVE-2016-6061 | medium | 5.4 | 5.4 | 10y ago | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin… | |||
| CVE-2016-6054 | medium | 5.4 | 5.4 | 10y ago | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin… | |||
| CVE-2016-6047 | medium | 5.4 | 5.4 | 10y ago | IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | |||
| CVE-2016-6046 | medium | 5.4 | 5.4 | 10y ago | IBM Tivoli Storage Manager Operations Center is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functio… | |||
| CVE-2016-6039 | medium | 5.4 | 5.4 | 10y ago | IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | |||
| CVE-2016-6030 | medium | 5.4 | 5.4 | 10y ago | IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin… | |||
| CVE-2016-5980 | medium | 5.4 | 5.4 | 10y ago | IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | |||
| CVE-2016-5951 | medium | 5.4 | 5.4 | 10y ago | IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | |||
| CVE-2016-5948 | medium | 5.4 | 5.4 | 10y ago | IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | |||
| CVE-2016-5899 | medium | 5.4 | 5.4 | 10y ago | IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality poten… | |||
| CVE-2016-5897 | medium | 5.4 | 5.4 | 10y ago | IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the secur… | |||
| CVE-2016-5880 | medium | 5.4 | 5.4 | 10y ago | IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cred… | |||
| CVE-2016-0265 | medium | 5.4 | 5.4 | 10y ago | IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute s… | |||
| CVE-2016-9260 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to handling of .nessus files. | |||
| CVE-2016-8323 | medium | 5.4 | 5.4 | 10y ago | Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Easily ex… | |||
| CVE-2016-8316 | medium | 5.4 | 5.4 | 10y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0… | |||
| CVE-2016-8306 | medium | 5.4 | 5.4 | 10y ago | Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0… | |||
| CVE-2016-8304 | medium | 5.4 | 5.4 | 10y ago | Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.… | |||
| CVE-2016-5623 | medium | 5.4 | 5.4 | 10y ago | Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2… | |||
| CVE-2016-5014 | medium | 5.4 | 5.4 | 10y ago | Moodle sensitive information disclosure | |||
| CVE-2016-5013 | medium | 5.4 | 5.4 | 10y ago | Moodle Does Not Escape Characters In Email Headers | |||
| CVE-2016-7150 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name. | |||
| CVE-2016-6858 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and… | |||
| CVE-2016-6857 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before… | |||
| CVE-2016-9891 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletit… | |||
| CVE-2016-7463 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted … | |||
| CVE-2016-9681 | medium | 5.4 | 5.4 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name. | |||
| CVE-2016-9757 | medium | 5.4 | 5.4 | 10y ago | In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag nam… | |||
| CVE-2016-3173 | medium | 5.4 | 5.4 | 10y ago | An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. The aria-label parameter of tiles at the Portal can be used to inject script code. Those labels use the name of the file (e.g. … | |||
| CVE-2016-6626 | medium | 5.4 | 5.4 | 10y ago | An issue was discovered in phpMyAdmin. An attacker could redirect a user to a malicious web page. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to… | |||
| CVE-2016-2994 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x before 6.2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-2991 | medium | 5.4 | 5.4 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 before 2.8.1.0-22115 allow remote authenticated users to inject arbitrary web scri… | |||
| CVE-2016-2955 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-2869 | medium | 5.4 | 5.4 | 10y ago | Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote authenticated users to inject arbitrary web script or HTML v… | |||
| CVE-2016-5905 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and 7.6 before 7.6.0.5 IF2 allows remote authenticated users to inject arbitrary web script or HTML via… | |||
| CVE-2016-3014 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5… | |||
| CVE-2016-2926 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 … | |||
| CVE-2016-0316 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to… | |||
| CVE-2016-5981 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and FileNet Workplace (Application Engine) through 4.0.2.14-P8AE-IF001, when RegExpSecurityFilter and S… | |||
| CVE-2016-5955 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2016-2986 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6… | |||
| CVE-2016-2864 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rationa… | |||
| CVE-2016-0285 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rationa… | |||
| CVE-2016-0284 | medium | 5.4 | 5.4 | 10y ago | The XML parser in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 … | |||
| CVE-2016-0282 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 FP6 IF2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka SPR KLYHAAHNUS. | |||
| CVE-2016-0273 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rationa… |