Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3372 | 1 Node Invite Project | 1 Node Invite | 2016-12-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title. | |||||
| CVE-2015-3369 | 1 Taxonews Project | 1 Taxonews | 2016-12-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonews module before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a term name in a block. | |||||
| CVE-2015-3385 | 1 Taxonomy Path Project | 1 Taxonomy Path | 2016-12-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Taxonomy Path module before 7.x-1.2 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the "Link to path" field formatter. | |||||
| CVE-2015-3397 | 1 Yiiframework | 1 Yiiframework | 2016-12-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7. | |||||
| CVE-2015-3381 | 1 Insite | 1 Node Basket | 2016-12-06 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Node basket module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-3126 | 1 Blackberry | 1 Enterprise Server | 2016-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-3144 | 2 Fedoraproject, Fourkitchens | 2 Fedora, Block Class | 2016-12-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name. | |||||
| CVE-2016-2559 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-12-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the format function in libraries/sql-parser/src/Utils/Error.php in the SQL parser in phpMyAdmin 4.5.x before 4.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. | |||||
| CVE-2016-2560 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.15, 4.4.x before 4.4.15.5, and 4.5.x before 4.5.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted Host HTTP header, related to libraries/Config.class.php; (2) crafted JSON data, related to file_echo.php; (3) a crafted SQL query, related to js/functions.js; (4) the initial parameter to libraries/server_privileges.lib.php in the user accounts page; or (5) the it parameter to libraries/controllers/TableSearchController.class.php in the zoom search page. | |||||
| CVE-2016-2511 | 2 Debian, Websvn | 2 Debian Linux, Websvn | 2016-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php. | |||||
| CVE-2016-2561 | 1 Phpmyadmin | 1 Phpmyadmin | 2016-12-03 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.5 and 4.5.x before 4.5.5.1 allow remote authenticated users to inject arbitrary web script or HTML via (1) normalization.php or (2) js/normalization.js in the database normalization page, (3) templates/database/structure/sortable_header.phtml in the database structure page, or (4) the pos parameter to db_central_columns.php in the central columns page. | |||||
| CVE-2016-2789 | 1 Citrix | 1 Xenmobile Server | 2016-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web User Interface in Citrix XenMobile Server 10.0, 10.1 before Rolling Patch 4, and 10.3 before Rolling Patch 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-1918 | 1 Blackberry | 1 Enterprise Server | 2016-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917. | |||||
| CVE-2016-1916 | 1 Blackberry | 1 Enterprise Server | 2016-12-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen. | |||||
| CVE-2016-1917 | 1 Blackberry | 1 Enterprise Server | 2016-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918. | |||||
| CVE-2016-1036 | 1 Adobe | 1 Analytics Appmeasurement For Flash Library | 2016-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2016-1314 | 1 Sun | 1 Opensolaris | 2016-12-03 | 3.5 LOW | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Unified Communications Domain Manager (CDM) 8.1(1) allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux80760. | |||||
| CVE-2016-1377 | 1 Cisco | 1 Unity Connection | 2016-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776. | |||||
| CVE-2016-1355 | 1 Cisco | 1 Firesight System Software | 2016-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687. | |||||
| CVE-2016-0283 | 1 Ibm | 1 Websphere Application Server | 2016-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||