Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10257 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.
|
|||||
| CVE-2016-10256 | 1 Broadcom | 1 Symantec Proxysg | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257.
|
|||||
| CVE-2016-10245 | 1 Doxygen | 1 Doxygen | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Insufficient sanitization of the query parameter in templates/html/search_opensearch.php could lead to reflected cross-site scripting or iframe injection.
|
|||||
| CVE-2016-1000237 | 1 Apostrophecms | 1 Sanitize-html | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
sanitize-html before 1.4.3 has XSS.
|
|||||
| CVE-2016-1000229 | 2 Redhat, Smartbear | 3 Jboss Fuse, Openshift, Swagger-ui | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
swagger-ui has XSS in key names
|
|||||
| CVE-2016-1000037 | 2 Fedoraproject, Redhat | 3 Fedora, Enterprise Linux, Pagure | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Pagure: XSS possible in file attachment endpoint
|
|||||
| CVE-2016-1000029 | 1 Tenable | 1 Nessus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would potentially impact other admins (Tenable IDs 5218 and 5269).
|
|||||
| CVE-2016-1000028 | 1 Tenable | 1 Nessus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Tenable Nessus before 6.8 has a stored XSS issue that requires admin-level authentication to the Nessus UI, and would only potentially impact other admins. (Tenable ID 5198).
|
|||||
| CVE-2016-0344 | 1 Ibm | 1 Tririga Application Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the My Reports component in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.3, and 3.5 before 3.5.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111785.
|
|||||
| CVE-2016-0336 | 1 Ibm | 1 Security Identity Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737.
|
|||||
| CVE-2016-0311 | 1 Ibm | 1 Tivoli Business Service Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 and 6.1.1 before 6.1.1-TIV-BSM-FP0004 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111480.
|
|||||
| CVE-2016-0303 | 1 Ibm | 1 Tivoli Integrated Portal | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
|||||
| CVE-2016-0261 | 1 Ibm | 2 Care Management, Curam Social Program Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110604.
|
|||||
| CVE-2016-0253 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in IBM Financial Transaction Manager (FTM) for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager (FTM) for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager (FTM) for Corporate Payment Services (CPS) for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 11 ...
Show More |
|||||
| CVE-2016-0223 | 1 Ibm | 1 Forms Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006.
|
|||||
| CVE-2015-9549 | 1 Ocportal | 1 Ocportal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php.
|
|||||
| CVE-2015-9539 | 1 Fast Secure Contact Form Project | 1 Fast Secure Contact Form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS.
|
|||||
| CVE-2015-9537 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template.
|
|||||
| CVE-2015-9504 | 1 Weeklynews Theme Project | 1 Weeklynews Theme | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter.
|
|||||
| CVE-2015-9503 | 1 Webmandesign | 1 Modern Theme | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier.
|
|||||
| CVE-2015-9502 | 1 Webmandesign | 1 Auberge Theme | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier.
|
|||||
| CVE-2015-9501 | 1 Artificial Intelligence Project | 1 Artificial Intelligence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root.
|
|||||
| CVE-2015-9500 | 1 Exquisite Ultimate Newspaper Project | 1 Exquisite Ultimate Newspaper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js.
|
|||||
| CVE-2015-9495 | 1 Syndication Links Project | 1 Syndication Links | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier.
|
|||||
| CVE-2015-9494 | 1 Indieweb Post Kinds Project | 1 Indieweb Post Kinds | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier.
|
|||||
| CVE-2015-9493 | 1 Nlb-creationst | 1 My Wish List | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues.
|
|||||
| CVE-2015-9478 | 1 No-margin-for-error | 1 Prettyphoto | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS.
|
|||||
| CVE-2015-9472 | 1 Monitorbacklinks | 1 Incoming Links | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.
|
|||||
| CVE-2015-9469 | 1 Cybercraftit | 1 Content-grabber | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.
|
|||||
| CVE-2015-9468 | 1 K-78 | 1 Broken Link Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.
|
|||||
| CVE-2015-9459 | 1 Seo Searchterms Tagging 2 Project | 1 Seo Searchterms Tagging 2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter.
|
|||||
| CVE-2015-9453 | 1 K-78 | 1 Broken Link Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.
|
|||||
| CVE-2015-9444 | 1 Altosresearch | 1 Altos-connect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF.
|
|||||
| CVE-2015-9439 | 1 Addthis | 1 Addthis | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter.
|
|||||
| CVE-2015-9438 | 1 Display-widgets Project | 1 Display-widgets | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter.
|
|||||
| CVE-2015-9430 | 1 Crazy Bone Project | 1 Crazy Bone | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header.
|
|||||
| CVE-2015-9426 | 1 Manual Image Crop Project | 1 Manual Image Crop | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM |
|
The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the wp-admin/admin-ajax.php?action=mic_editor_window postId parameter.
|
|||||
| CVE-2015-9423 | 1 Simplysymphony | 1 Plugnedit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameters.
|
|||||
| CVE-2015-9420 | 1 Mightymess | 1 Soundcloud Is Gold | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The soundcloud-is-gold plugin before 2.3.2 for WordPress has XSS via the wp-admin/admin-ajax.php?action=get_soundcloud_player id parameter.
|
|||||
| CVE-2015-9419 | 1 Captain-slider Project | 1 Captain-slider | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section.
|
|||||