CVEs from 2017
Total
11,613
critical
critical 1,650
high
high 5,043
medium
medium 4,169
low
low 159
% Critical
14.2%
% with KEV
0.7%
% with exploit
9.9%
Top vendors
Top products
- imagemagick 1,426
- joomla\! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-12296 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability … | |||
| CVE-2017-12288 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a … | |||
| CVE-2017-12272 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface o… | |||
| CVE-2017-8024 | medium | 6.1 | 6.1 | 9y ago | EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially … | |||
| CVE-2017-15574 | medium | 6.1 | 6.1 | 9y ago | In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible by using an SVG document as an attachment. | |||
| CVE-2017-15573 | medium | 6.1 | 6.1 | 9y ago | In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. | |||
| CVE-2017-15571 | medium | 6.1 | 6.1 | 9y ago | In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/issues/_list.html.erb via crafted column data. | |||
| CVE-2017-15570 | medium | 6.1 | 6.1 | 9y ago | In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/views/timelog/_list.html.erb via crafted column data. | |||
| CVE-2017-15569 | medium | 6.1 | 6.1 | 9y ago | In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/queries_helper.rb via a multi-value field with a crafted value that is mishandled during rendering of an… | |||
| CVE-2017-15568 | medium | 6.1 | 6.1 | 9y ago | In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/application_helper.rb via a multi-value field with a crafted value that is mishandled during rendering o… | |||
| CVE-2017-15384 | medium | 6.1 | 6.1 | 9y ago | rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. | |||
| CVE-2017-15294 | medium | 6.1 | 6.1 | 9y ago | The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964. | |||
| CVE-2017-15375 | medium | 6.1 | 6.1 | 9y ago | Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the `query` and `id` paramete… | |||
| CVE-2017-15362 | medium | 6.1 | 6.1 | 9y ago | osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. Session ID and data theft may follow as well as th… | |||
| CVE-2017-15305 | medium | 6.1 | 6.1 | 9y ago | XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. | |||
| CVE-2017-8017 | medium | 6.1 | 6.1 | 9y ago | EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to co… | |||
| CVE-2017-14372 | medium | 6.1 | 6.1 | 9y ago | RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting vulnerabilities via certain RSA Archer Help pages. Attackers could potentially exploit this to execute arbitrary… | |||
| CVE-2017-14371 | medium | 6.1 | 6.1 | 9y ago | RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected cross-site scripting via the request URL. Attackers could potentially exploit this to execute arbitrary HTML in the user's browser se… | |||
| CVE-2017-14588 | medium | 6.1 | 6.1 | 9y ago | Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the dialog par… | |||
| CVE-2017-15215 | medium | 6.1 | 6.1 | 9y ago | Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (fo… | |||
| CVE-2017-15194 | medium | 6.1 | 6.1 | 9y ago | include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. | |||
| CVE-2017-1503 | medium | 6.1 | 6.1 | 9y ago | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the s… | |||
| CVE-2017-15216 | medium | 6.1 | 6.1 | 9y ago | MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.… | |||
| CVE-2017-13994 | medium | 6.1 | 6.1 | 9y ago | A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticat… | |||
| CVE-2017-14354 | medium | 6.1 | 6.1 | 9y ago | A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site … | |||
| CVE-2017-12265 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attac… | |||
| CVE-2017-12258 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists b… | |||
| CVE-2017-12257 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface … | |||
| CVE-2017-1000109 | medium | 6.1 | 6.1 | 9y ago | Persistent XSS vulnerability in Jenkins OWASP Dependency-Check Plugin | |||
| CVE-2017-8047 | medium | 6.1 | 6.1 | 9y ago | In Cloud Foundry router routing-release all versions prior to v0.163.0 and cf-release all versions prior to v274, in some applications, it is possible to append a combination of characters to the URL… | |||
| CVE-2017-15009 | medium | 6.1 | 6.1 | 9y ago | PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter. | |||
| CVE-2017-14995 | medium | 6.1 | 6.1 | 9y ago | The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 Da… | |||
| CVE-2017-14756 | medium | 6.1 | 6.1 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/Deployment (… | |||
| CVE-2017-14755 | medium | 6.1 | 6.1 | 9y ago | OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to Cross-Site Scripting: /xAdmin/html/XPressoDoc, … | |||
| CVE-2017-12792 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) a… | |||
| CVE-2017-14957 | medium | 6.1 | 6.1 | 9y ago | Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for examp… | |||
| CVE-2017-14920 | medium | 6.1 | 6.1 | 9y ago | eGroupware Community Edition Stored XSS vulnerability | |||
| CVE-2017-14352 | medium | 6.1 | 6.1 | 9y ago | A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23. These vulnerabilities could be remotely exploited to allow … | |||
| CVE-2017-13986 | medium | 6.1 | 6.1 | 9y ago | A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a speci… | |||
| CVE-2017-7554 | medium | 6.1 | 6.1 | 9y ago | It was found that the App Studio component of RHMAP 4.4 executes javascript provided by a user. An attacker could use this flaw to execute a stored XSS attack on an application administrator using Ap… | |||
| CVE-2017-11479 | medium | 6.1 | 6.1 | 9y ago | Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of… | |||
| CVE-2017-10701 | medium | 6.1 | 6.1 | 9y ago | Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516. | |||
| CVE-2017-1591 | medium | 6.1 | 6.1 | 9y ago | IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended… | |||
| CVE-2017-14622 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page… | |||
| CVE-2017-14525 | medium | 6.1 | 6.1 | 9y ago | Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the st… | |||
| CVE-2017-14524 | medium | 6.1 | 6.1 | 9y ago | Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in… | |||
| CVE-2017-14765 | medium | 6.1 | 6.1 | 9y ago | GeniXCMS Cross-site Scripting (XSS) via the Menu ID field | |||
| CVE-2017-14762 | medium | 6.1 | 6.1 | 9y ago | GeniXCMS Cross-site Scripting (XSS) via id parameter | |||
| CVE-2017-14761 | medium | 6.1 | 6.1 | 9y ago | GeniXCMS Cross-site Scripting (XSS) vulnerability via id parameter | |||
| CVE-2017-14751 | medium | 6.1 | 6.1 | 9y ago | The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field. | |||
| CVE-2017-14744 | medium | 6.1 | 6.1 | 9y ago | UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. | |||
| CVE-2017-14735 | medium | 6.1 | 6.1 | 9y ago | OWASP AntiSamy Cross-site Scripting vulnerability | |||
| CVE-2017-9551 | medium | 6.1 | 6.1 | 9y ago | Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g. XSS code, to be saved as … | |||
| CVE-2017-1551 | medium | 6.1 | 6.1 | 9y ago | IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploi… | |||
| CVE-2017-14726 | medium | 6.1 | 6.1 | 9y ago | Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor. | |||
| CVE-2017-14724 | medium | 6.1 | 6.1 | 9y ago | Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery. | |||
| CVE-2017-14721 | medium | 6.1 | 6.1 | 9y ago | Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name. | |||
| CVE-2017-14720 | medium | 6.1 | 6.1 | 9y ago | Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name. | |||
| CVE-2017-14718 | medium | 6.1 | 6.1 | 9y ago | Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL. | |||
| CVE-2017-12254 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. T… | |||
| CVE-2017-12248 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user o… | |||
| CVE-2017-14615 | medium | 6.1 | 6.1 | 9y ago | An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be con… | |||
| CVE-2017-14142 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to serv… | |||
| CVE-2017-14534 | medium | 6.1 | 6.1 | 9y ago | Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF. | |||
| CVE-2017-12156 | medium | 6.1 | 6.1 | 9y ago | Moodle XSS Vulnerability | |||
| CVE-2017-14510 | medium | 6.1 | 6.1 | 9y ago | An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). The WebToLeadCapture functionality is found vulnerable to unau… | |||
| CVE-2017-14498 | medium | 6.1 | 6.1 | 9y ago | Silverstripe CMS XSS Vulnerability | |||
| CVE-2017-1002150 | medium | 6.1 | 6.1 | 9y ago | python-fedora 0.8.0 and lower is vulnerable to an open redirect resulting in loss of CSRF protection | |||
| CVE-2017-1002017 | medium | 6.1 | 6.1 | 9y ago | Vulnerability in wordpress plugin gift-certificate-creator v1.0, The code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. | |||
| CVE-2017-14416 | medium | 6.1 | 6.1 | 9y ago | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wandetect.php. | |||
| CVE-2017-14415 | medium | 6.1 | 6.1 | 9y ago | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/sitesurvey.php. | |||
| CVE-2017-14414 | medium | 6.1 | 6.1 | 9y ago | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/shareport.php. | |||
| CVE-2017-14413 | medium | 6.1 | 6.1 | 9y ago | D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php. | |||
| CVE-2017-8758 | medium | 6.1 | 6.1 | 9y ago | Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Sit… | |||
| CVE-2017-14347 | medium | 6.1 | 6.1 | 9y ago | NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action. | |||
| CVE-2017-14313 | medium | 6.1 | 6.1 | 9y ago | The shibboleth_login_form function in shibboleth.php in the Shibboleth plugin before 1.8 for WordPress is prone to an XSS vulnerability due to improper use of add_query_arg(). | |||
| CVE-2017-14268 | medium | 6.1 | 6.1 | 9y ago | EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request. | |||
| CVE-2017-8041 | medium | 6.1 | 6.1 | 9y ago | In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputt… | |||
| CVE-2017-6789 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the Cisco Unified Intelligence Center web interface could allow an unauthenticated, remote attacker to impact the integrity of the system by executing a Document Object Model (DOM)… | |||
| CVE-2017-12220 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack aga… | |||
| CVE-2017-12212 | medium | 6.1 | 6.1 | 9y ago | A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web inter… | |||
| CVE-2017-14195 | medium | 6.1 | 6.1 | 9y ago | The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer. | |||
| CVE-2017-14194 | medium | 6.1 | 6.1 | 9y ago | The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. | |||
| CVE-2017-14193 | medium | 6.1 | 6.1 | 9y ago | The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. | |||
| CVE-2017-14192 | medium | 6.1 | 6.1 | 9y ago | The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field. | |||
| CVE-2017-1189 | medium | 6.1 | 6.1 | 9y ago | IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering th… | |||
| CVE-2017-12906 | medium | 6.1 | 6.1 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. | |||
| CVE-2017-12794 | medium | 6.1 | 6.1 | 9y ago | In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cr… | |||
| CVE-2017-12416 | medium | 6.1 | 6.1 | 9y ago | Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x b… | |||
| CVE-2017-1457 | medium | 6.1 | 6.1 | 9y ago | IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potent… | |||
| CVE-2017-7855 | medium | 6.1 | 6.1 | 9y ago | In the webmail component in IceWarp Server 11.3.1.5, there was an XSS vulnerability discovered in the "language" parameter. | |||
| CVE-2017-14070 | medium | 6.1 | 6.1 | 9y ago | Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to ipsearch.php, related to PHP_SELF. | |||
| CVE-2017-1450 | medium | 6.1 | 6.1 | 9y ago | IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote att… | |||
| CVE-2017-1443 | medium | 6.1 | 6.1 | 9y ago | IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functiona… | |||
| CVE-2017-14038 | medium | 6.1 | 6.1 | 9y ago | CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect vulnerability. | |||
| CVE-2017-14037 | medium | 6.1 | 6.1 | 9y ago | CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header vulnerability. | |||
| CVE-2017-14036 | medium | 6.1 | 6.1 | 9y ago | CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS. | |||
| CVE-2017-13778 | medium | 6.1 | 6.1 | 9y ago | Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the site_name parameter. | |||
| CVE-2017-13762 | medium | 6.1 | 6.1 | 9y ago | ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. | |||
| CVE-2017-1428 | medium | 6.1 | 6.1 | 9y ago | IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnera… |