Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-1000140 | 1 New-year-firework Project | 1 New-year-firework | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin new-year-firework v1.1.9 | |||||
| CVE-2016-1000141 | 1 Page-layout-builder Project | 1 Page-layout-builder | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin page-layout-builder v1.9.3 | |||||
| CVE-2016-1000146 | 1 Pondol-formmail Project | 1 Pondol-formmail | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin pondol-formmail v1.1 | |||||
| CVE-2016-1000154 | 1 Browserweb | 1 Whizz | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin whizz v1.0.7 | |||||
| CVE-2016-1000143 | 1 Photoxhibit Project | 1 Photoxhibit | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin photoxhibit v2.1.8 | |||||
| CVE-2016-1000127 | 1 Ajax-random-post Project | 1 Ajax-random-post | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin ajax-random-post v2.00 | |||||
| CVE-2016-1000138 | 1 Indexisto Project | 1 Indexisto | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin indexisto v1.0.5 | |||||
| CVE-2016-1000129 | 1 Defa-online-image-protector Project | 1 Defa-online-image-protector | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin defa-online-image-protector v3.3 | |||||
| CVE-2016-1000121 | 1 Huge-it | 1 Slider | 2016-11-28 | 3.5 LOW | 4.8 MEDIUM |
| XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | |||||
| CVE-2016-1000126 | 1 Admin-font-editor Project | 1 Admin-font-editor | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected XSS in wordpress plugin admin-font-editor v1.8 | |||||
| CVE-2016-0370 | 1 Ibm | 1 Forms Experience Builder | 2016-11-28 | 3.5 LOW | 2.7 LOW |
| Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product. | |||||
| CVE-2016-0387 | 1 Ibm | 1 Tririga Application Platform | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-2883. | |||||
| CVE-2016-0246 | 1 Ibm | 1 Security Guardium | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-0269 | 1 Ibm | 1 Bigfix Platform | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-0293 | 1 Ibm | 1 Bigfix Platform | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file. | |||||
| CVE-2015-8834 | 1 Wordpress | 1 Wordpress | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3440. | |||||
| CVE-2015-7676 | 1 Ipswitch | 1 Moveit Dmz | 2016-11-28 | 3.5 LOW | 5.4 MEDIUM |
| Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files. | |||||
| CVE-2015-6400 | 1 Cisco | 1 Emergency Responder | 2016-11-28 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. | |||||
| CVE-2015-5720 | 1 Misp-project | 1 Malware Information Sharing Platform | 2016-11-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js. | |||||
| CVE-2015-5507 | 1 Inline Entity Form Project | 1 Inline Entity Form | 2016-11-28 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitrary web script or HTML via unspecified vectors. | |||||