Search Results (43918 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-7394 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2024-11-21 | N/A |
| Tiki Wiki CMS Groupware <=15.2 has an XSS vulnerability that allows attackers to steal a user's cookie. | ||||
| CVE-2016-6810 | 1 Apache | 1 Activemq | 2024-11-21 | N/A |
| In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. | ||||
| CVE-2016-6588 | 1 Symantec | 1 It Management Suite | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0. | ||||
| CVE-2016-6556 | 1 Opennms | 1 Opennms | 2024-11-21 | 7.1 High |
| OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016. | ||||
| CVE-2016-6555 | 1 Opennms | 1 Opennms | 2024-11-21 | 7.1 High |
| OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016. | ||||
| CVE-2016-6543 | 1 Ieasytec | 1 Itrack Easy | 2024-11-21 | N/A |
| A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device. | ||||
| CVE-2016-6343 | 1 Redhat | 3 Jboss Bpm Suite, Jboss Bpms, Jboss Data Virtualization | 2024-11-21 | N/A |
| JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user. | ||||
| CVE-2016-6217 | 2 Linux, Sophos | 2 Linux Kernel, Puremessage | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-6154 | 2 Microsoft, Watchguard | 2 Windows, Fireware | 2024-11-21 | N/A |
| The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | ||||
| CVE-2016-5819 | 1 Moxa | 10 Oncell G3100v2, Oncell G3100v2 Firmware, Oncell G3111 and 7 more | 2024-11-21 | N/A |
| Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7, allow a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust relationship between their browser and the server. | ||||
| CVE-2016-5236 | 1 F5 | 1 Websafe Alert Server | 2024-11-21 | N/A |
| Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature. | ||||
| CVE-2016-5235 | 1 F5 | 1 Websafe Alert Server | 2024-11-21 | N/A |
| A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert. | ||||
| CVE-2016-4406 | 1 Hp | 3 Integrated Lights-out, Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware | 2024-11-21 | N/A |
| A remote cross site scripting vulnerability was identified in HPE iLO 3 all versions prior to v1.88 and HPE iLO 4 all versions prior to v2.44. | ||||
| CVE-2016-4400 | 1 Hp | 1 Network Node Manager I | 2024-11-21 | N/A |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | ||||
| CVE-2016-4399 | 1 Hp | 1 Network Node Manager I | 2024-11-21 | N/A |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | ||||
| CVE-2016-4392 | 1 Hp | 1 Business Service Management | 2024-11-21 | N/A |
| A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1. | ||||
| CVE-2016-3953 | 1 Web2py | 1 Web2py | 2024-11-21 | N/A |
| The sample web application in web2py before 2.14.2 might allow remote attackers to execute arbitrary code via vectors involving use of a hardcoded encryption key when calling the session.connect function. | ||||
| CVE-2016-2360 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a default root password in /etc/shadow that is the same across different customers' installations. | ||||
| CVE-2016-2358 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. | ||||
| CVE-2016-2357 | 1 Milesight | 2 Ip Security Camera, Ip Security Camera Firmware | 2024-11-21 | 9.8 Critical |
| Milesight IP security cameras through 2016-11-14 have a hardcoded SSL private key under the /etc/config directory. | ||||