Medium
CVE-2016-3056
Cross-site scripting (XSS) vulnerability in Business Space in IBM Business Process Manager 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, and 8.5 before 8.5.7.0 CF2016.09 allows remote authenticated users…
Tag: Cross-site Scripting (XSS)
All CVEs associated with "Cross-site Scripting (XSS)". Page 315/398 • 47660 CVEs.
Subscribe CVEs: RSS for “Cross-site Scripting (XSS)” · RSS (High+Critical only)
About “Cross-site Scripting (XSS)”
A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47660 CVEs for this tag (all time). In the last 365 days, 7590 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).
In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2016-10-14
2016-10-10
Medium
CVE-2016-1000155
Reflected XSS in wordpress plugin wpsolr-search-engine v7.6
Medium
CVE-2016-1000154
Reflected XSS in wordpress plugin whizz v1.0.7
Medium
CVE-2016-1000153
Reflected XSS in wordpress plugin tidio-gallery v1.1
Medium
CVE-2016-1000152
Reflected XSS in wordpress plugin tidio-form v1.0
Medium
CVE-2016-1000151
Reflected XSS in wordpress plugin tera-charts v1.0
Medium
CVE-2016-1000150
Reflected XSS in wordpress plugin simplified-content v1.0.0
Medium
CVE-2016-1000149
Reflected XSS in wordpress plugin simpel-reserveren v3.5.2
Medium
CVE-2016-1000148
Reflected XSS in wordpress plugin s3-video v0.983
Medium
CVE-2016-1000147
Reflected XSS in wordpress plugin recipes-writer v1.0.4
Medium
CVE-2016-1000146
Reflected XSS in wordpress plugin pondol-formmail v1.1
Medium
CVE-2016-1000145
Reflected XSS in wordpress plugin pondol-carousel v1.0
Medium
CVE-2016-1000144
Reflected XSS in wordpress plugin photoxhibit v2.1.8
Medium
CVE-2016-1000143
Reflected XSS in wordpress plugin photoxhibit v2.1.8
Medium
CVE-2016-1000142
Reflected XSS in wordpress plugin parsi-font v4.2.5
Medium
CVE-2016-1000141
Reflected XSS in wordpress plugin page-layout-builder v1.9.3
Medium
CVE-2016-1000140
Reflected XSS in wordpress plugin new-year-firework v1.1.9
Medium
CVE-2016-1000139
Reflected XSS in wordpress plugin infusionsoft v1.5.11
Medium
CVE-2016-1000138
Reflected XSS in wordpress plugin indexisto v1.0.5
Medium
CVE-2016-1000137
Reflected XSS in wordpress plugin hero-maps-pro v2.1.0
Medium
CVE-2016-1000136
Reflected XSS in wordpress plugin heat-trackr v1.0
Medium
CVE-2016-1000135
Reflected XSS in wordpress plugin hdw-tube v1.2
Medium
CVE-2016-1000134
Reflected XSS in wordpress plugin hdw-tube v1.2
Medium
CVE-2016-1000133
Reflected XSS in wordpress plugin forget-about-shortcode-buttons v1.1.1
Medium
CVE-2016-1000132
Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8
Medium
CVE-2016-1000131
Reflected XSS in wordpress plugin e-search v1.0
Medium
CVE-2016-1000130
Reflected XSS in wordpress plugin e-search v1.0
Medium
CVE-2016-1000129
Reflected XSS in wordpress plugin defa-online-image-protector v3.3
Medium
CVE-2016-1000128
Reflected XSS in wordpress plugin anti-plagiarism v3.60
Medium
CVE-2016-1000127
Reflected XSS in wordpress plugin ajax-random-post v2.00
Medium
CVE-2016-1000126
Reflected XSS in wordpress plugin admin-font-editor v1.8
2016-10-07
Medium
CVE-2016-1000007
Pagure 2.2.1 XSS in raw file endpoint
Medium
CVE-2015-7363
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x be…
2016-10-06
Medium
CVE-2016-1000114
XSS in huge IT gallery v1.1.5 for Joomla
Critical
CVE-2016-1000113
XSS and SQLi in huge IT gallery v1.1.5 for Joomla
Medium
CVE-2015-1000004
XSS in filedownload v1.4 wordpress plugin
Medium
CVE-2016-6436
Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script…
Medium
CVE-2016-6425
Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers t…
2016-10-05
Medium
CVE-2016-6418
Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted…
Medium
CVE-2016-5901
Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbi…
Medium
CVE-2016-5892
Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated…
2016-10-03
Medium
CVE-2016-7571
Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.
Medium
CVE-2016-5398
Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permis…
2016-10-01
Medium
CVE-2016-3042
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via v…
2016-09-30
Medium
CVE-2016-6647
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
2016-09-29
Medium
CVE-2016-5061
Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) g…
2016-09-27
Medium
CVE-2016-4058
Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special char…
2016-09-26
Medium
CVE-2016-6913
Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.p…
Medium
CVE-2016-6840
Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName…
Medium
CVE-2016-5395
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web scr…
Medium
CVE-2016-5978
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9…
Medium
CVE-2016-5975
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9…
Medium
CVE-2016-5974
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary…
Medium
CVE-2016-5944
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary…
Medium
CVE-2016-3006
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or H…
Medium
CVE-2016-3003
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or H…
Medium
CVE-2016-3001
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or H…
2016-09-25
Medium
CVE-2016-4618
Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Unive…
2016-09-21
Medium
CVE-2016-4969
Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statisti…
Medium
CVE-2016-0925
Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, an…
2016-09-18
Medium
CVE-2016-6404
Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a…
Medium
CVE-2016-6643
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
High
CVE-2016-6641
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Medium
CVE-2016-0927
Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Medium
CVE-2016-0926
Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or…
2016-09-17
Medium
CVE-2016-7419
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrar…
2016-09-14
Medium
CVE-2016-3379
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, a…
2016-09-12
Medium
CVE-2016-6395
Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1 allows remote authenticated use…
Medium
CVE-2016-0331
Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert 6.0.1 and 6.0.2 before 6.0.2 iFix2 and Rational Collaborative Lifecycle Management 6.0.1 and 6.0.2 before 6.0.2 iFix2 allows remo…
2016-09-11
Medium
CVE-2016-5165
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attack…
Medium
CVE-2016-5164
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Li…
Medium
CVE-2016-5148
Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web s…
Medium
CVE-2016-5147
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script…
2016-09-08
Medium
CVE-2016-4380
Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vecto…
2016-09-07
Medium
CVE-2016-6316
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or…
Medium
CVE-2016-7033
Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified ve…
2016-09-03
Medium
CVE-2015-5720
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script…
2016-09-02
Medium
CVE-2016-4851
Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Medium
CVE-2016-4848
Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Medium
CVE-2016-1471
Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 allows remote attackers to inject arbitrary web script…
2016-09-01
Medium
CVE-2016-3010
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary we…
Medium
CVE-2016-3008
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified ve…
Medium
CVE-2016-3005
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary we…
Medium
CVE-2016-2997
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary we…
Medium
CVE-2016-2995
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary we…
Medium
CVE-2016-2956
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified ve…
Medium
CVE-2016-2954
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 5.0 before CR4 and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified ve…
Low
CVE-2016-0370
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an…
Medium
CVE-2016-0293
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HT…
2016-08-31
Medium
CVE-2016-7119
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted…
2016-08-29
Medium
CVE-2016-5721
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2016-08-26
Medium
CVE-2015-5399
Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment.
Medium
CVE-2016-5663
Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (…
2016-08-23
Medium
CVE-2016-6365
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspec…
2016-08-22
Medium
CVE-2016-6359
Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script…
Medium
CVE-2016-1485
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497.
Medium
CVE-2016-1476
Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID…
2016-08-19
Medium
CVE-2016-6320
Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the ne…
Medium
CVE-2016-6319
Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary we…
Medium
CVE-2016-3195
Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows remote attac…
Medium
CVE-2016-3194
Cross-site scripting (XSS) vulnerability in the address added page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.6 allows…
Medium
CVE-2016-3193
Cross-site scripting (XSS) vulnerability in the appliance web-application in Fortinet FortiManager 5.x before 5.0.12, 5.2.x before 5.2.6, and 5.4.x before 5.4.1 and FortiAnalyzer 5.x before 5.0.13, 5…
Medium
CVE-2016-3089
Cross-site scripting (XSS) vulnerability in the SWF panel in Apache OpenMeetings before 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the swf parameter.
2016-08-09
Medium
CVE-2016-4170
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Medium
CVE-2016-4168
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, and 6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2016-08-08
Medium
CVE-2016-3054
Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace 4.0.2 allows remote authenticated users to inject arbitrary web script or HTML by uploading a file.
Medium
CVE-2016-2925
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before C…
Medium
CVE-2016-2912
Cross-site scripting (XSS) vulnerability in the Document Builder in IBM Rational Publishing Engine (aka RPENG) 2.0.1 before ifix002 allows remote authenticated users to inject arbitrary web script or…
Medium
CVE-2016-0280
Cross-site scripting (XSS) vulnerability in IBM Information Server Framework 8.5, Information Server Framework and InfoSphere Information Server Business Glossary 8.7 before FP2, Information Server F…
2016-08-07
Medium
CVE-2016-6634
Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Medium
CVE-2015-8935
The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows r…
2016-08-05
Medium
CVE-2016-6186
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, an…
Medium
CVE-2016-0782
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and…
Medium
CVE-2016-3196
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users…
Medium
CVE-2016-3097
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.
Medium
CVE-2016-3080
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters,…
Medium
CVE-2016-5265
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, b…
Medium
CVE-2016-5262
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts"…
2016-08-03
Medium
CVE-2016-4833
Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
2016-08-01
Medium
CVE-2016-1609
Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTM…