Total
34649 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2018 | 1 Mozilla | 3 Seamonkey, Thunderbird, Thunderbird Esr | 2016-10-04 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in a (1) OBJECT or (2) EMBED element, a related issue to CVE-2013-6674. | |||||
| CVE-2016-0927 | 1 Pivotal Software | 1 Cloud Foundry Elastic Runtime | 2016-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2012-1038 | 1 Juniper | 1 Networks Mobility System Software | 2016-09-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5.3, and other unspecified versions before 7.4 and 7.3 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter name. | |||||
| CVE-2016-6913 | 1 Alienvault | 2 Open Source Security Information And Event Management, Unified Security Management | 2016-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php. | |||||
| CVE-2016-5974 | 1 Ibm | 1 Security Privileged Identity Manager Virtual Appliance | 2016-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string. | |||||
| CVE-2016-6840 | 1 Huawei | 1 Oceanstor Ism | 2016-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors. | |||||
| CVE-2016-5395 | 1 Apache | 1 Ranger | 2016-09-27 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies. | |||||
| CVE-2016-4969 | 1 Fortinet | 1 Fortiwan | 2016-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php. | |||||
| CVE-2013-6711 | 1 Cisco | 1 Webex Sales Center | 2016-09-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the product-creation administrative page in Cisco WebEx Sales Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCul25540. | |||||
| CVE-2013-6690 | 1 Cisco | 1 Prime Collaboration | 2016-09-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface in the Assurance component in Cisco Prime Collaboration allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs CSCui92643, CSCui94038, and CSCui94161. | |||||
| CVE-2013-6974 | 1 Cisco | 1 Secure Access Control System | 2016-09-09 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431. | |||||
| CVE-2014-3265 | 1 Cisco | 1 Security Manager | 2016-09-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Auto Update Server (AUS) web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuo06900. | |||||
| CVE-2014-4301 | 1 Ajenti | 1 Ajenti | 2016-09-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page. | |||||
| CVE-2014-4303 | 1 Drupac | 1 Touch | 2016-09-06 | 2.1 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme 7.x-1.x before 7.x-1.9 for Drupal allow remote authenticated users with the Administer themes permission to inject arbitrary web script or HTML via vectors related to the (1) Twitter and (2) Facebook username settings. | |||||
| CVE-2014-4304 | 1 Sqlbuddy | 1 Sql Buddy | 2016-09-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy 1.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the table parameter. | |||||
| CVE-2014-3922 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2016-09-06 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss. | |||||
| CVE-2012-6684 | 2 Debian, Redcloth | 2 Debian Linux, Redcloth Library | 2016-09-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 for Ruby and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI. | |||||
| CVE-2015-5399 | 1 Phpvibe | 1 Phpvibe | 2016-08-29 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment. | |||||
| CVE-2016-4363 | 1 Hp | 1 Insight Control Server Deployment | 2016-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors. | |||||
| CVE-2014-3994 | 1 Reviewboard | 2 Djblets, Reviewboard | 2016-08-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in util/templatetags/djblets_js.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django, as used in Review Board, allows remote attackers to inject arbitrary web script or HTML via a JSON object, as demonstrated by the name field when changing a user name. | |||||