Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6337 | 1 Cisco | 1 Application Policy Infrastructure Controller Enterprise Module | 2016-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238. | |||||
| CVE-2015-6354 | 1 Cisco | 1 Firesight System Software | 2016-12-07 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.4.1.3 and 6.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuv73338. | |||||
| CVE-2015-6363 | 1 Cisco | 1 Firesight System Software | 2016-12-07 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuw88396. | |||||
| CVE-2015-6353 | 1 Cisco | 1 Firesight System Software | 2016-12-07 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight Management Center (MC) 5.3.1.5 and 5.4.x through 5.4.1.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuu28922. | |||||
| CVE-2015-6356 | 1 Cisco | 1 Socialminer | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212. | |||||
| CVE-2015-6346 | 1 Cisco | 1 Secure Access Control Server | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-6349 | 1 Cisco | 1 Secure Access Control Server | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-6017 | 1 Zyxel | 1 P-660hw-t1 V2 Firmware | 2016-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter. | |||||
| CVE-2015-5667 | 1 Html-scrubber Project | 1 Html-scrubber | 2016-12-07 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment. | |||||
| CVE-2015-5365 | 1 Zurmo | 1 Zurmo Crm | 2016-12-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "What's going on?" profile field. | |||||
| CVE-2015-5447 | 1 Hp | 1 Storeonce Backup System Software | 2016-12-07 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5061 | 1 Zohocorp | 1 Manageengine Assetexplorer | 2016-12-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do. | |||||
| CVE-2015-4959 | 1 Ibm | 1 Tivoli Federated Identity Manager | 2016-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-4725 | 1 Audiosharescript | 1 Audioshare | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||||
| CVE-2015-4518 | 1 Mozilla | 1 Firefox | 2016-12-07 | 4.3 MEDIUM | N/A |
| The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism and conduct cross-site scripting (XSS) attacks via vectors involving SVG animations and the about:reader URL. | |||||
| CVE-2015-4608 | 1 Be User Log Project | 1 Be User Log | 2016-12-07 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the BE User Log (beko_beuserlog) extension 1.1.1 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-4671 | 1 Opencart | 1 Opencart | 2016-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 allows remote attackers to inject arbitrary web script or HTML via the zone_id parameter to index.php. | |||||
| CVE-2015-4714 | 1 Dream-multimedia-tv | 2 Dreambox Dm500-s, Dreambox Dm500-s Firmware | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body. | |||||
| CVE-2015-4679 | 1 Airties | 2 Rt-210, Rt-210 Firmware | 2016-12-07 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm. | |||||
| CVE-2015-4587 | 1 Alcatel-lucent | 2 Cellpipe 7130 Router, Cellpipe 7130 Router Firmware | 2016-12-07 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu. | |||||