Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 34649 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5834 1 Wordpress 1 Wordpress 2016-11-30 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-template.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5833.
CVE-2016-5833 1 Wordpress 1 Wordpress 2016-11-30 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-media-list-table.php in WordPress before 4.5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment name, a different vulnerability than CVE-2016-5834.
CVE-2016-1396 1 Cisco 6 Rv110w Wireless-n Vpn Firewall, Rv110w Wireless-n Vpn Firewall Firmware, Rv130w Wireless-n Multifunction Vpn Router and 3 more 2016-11-30 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco RV110W devices with firmware before 1.2.1.7, RV130W devices with firmware before 1.0.3.16, and RV215W devices with firmware before 1.3.0.8 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCux82583.
CVE-2016-1439 1 Cisco 1 Unified Contact Center Enterprise 2016-11-30 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Contact Center Enterprise through 10.5(2) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux59650.
CVE-2016-1226 1 Trendmicro 1 Internet Security 2016-11-30 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in Trend Micro Internet Security 8 and 10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-0285 1 Ibm 1 Rational Team Concert 2016-11-30 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted field.
CVE-2016-0273 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2016-11-30 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-1919 1 Ibm 1 Security Qradar Incident Forensics 2016-11-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM Security QRadar Incident Forensics before 7.2.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-1911 1 Ibm 3 Sterling Field Sales, Sterling Order Management, Sterling Selling And Fulfillment Foundation 2016-11-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in IBM Sterling Selling and Fulfillment Suite allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-1968 1 Ibm 1 Infosphere Master Data Management 2016-11-30 3.5 LOW N/A
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2015-2034 1 Piwigo 1 Piwigo 2016-11-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter to admin.php.
CVE-2015-1979 1 Ibm 1 Case Manager 2016-11-30 3.5 LOW N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Error dialog in IBM Case Manager 5.2.1 before 5.2.1.2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input to the (1) addressability or (2) comments component.
CVE-2015-2069 1 Woothemes 1 Woocommerce 2016-11-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING in the wc-reports page to wp-admin/admin.php.
CVE-2015-1908 1 Ibm 1 Websphere Portal 2016-11-30 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-9188 1 Moodle 1 Moodle 2016-11-29 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters.
CVE-2016-0316 1 Ibm 1 Jazz Reporting Service 2016-11-28 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and 6.0.1 before 6.0.1 iFix006 and 6.0.2 before iFix003 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
CVE-2016-8583 1 Alienvault 2 Open Source Security Information And Event Management, Unified Security Management 2016-11-28 4.3 MEDIUM 6.1 MEDIUM
Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS.
CVE-2016-7119 1 Dotnetnuke 1 Dotnetnuke 2016-11-28 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.
CVE-2016-6641 1 Emc 1 Vipr Srm 2016-11-28 3.5 LOW 7.6 HIGH
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-6643 1 Emc 1 Vipr Srm 2016-11-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.