Total
39861 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-8608 | 1 Redhat | 4 Jboss Bpm Suite, Jboss Bpms, Jboss Business Rules Management System and 1 more | 2024-11-21 | N/A |
| JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via business process editor. The flaw is due to an incomplete fix for CVE-2016-5398. Remote, authenticated attackers that have privileges to create business processes can store scripts in them, which are not properly sanitized before showing to other users, including admins. | ||||
| CVE-2016-8532 | 1 Hp | 1 Matrix Operating Environment | 2024-11-21 | N/A |
| A cross site scripting vulnerability in HPE Matrix Operating Environment version 7.6 was found. | ||||
| CVE-2016-8527 | 1 Hp | 1 Airwave | 2024-11-21 | N/A |
| Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser. | ||||
| CVE-2016-8522 | 1 Hp | 1 Diagnostics | 2024-11-21 | N/A |
| A cross-site scripting vulnerability in HPE Diagnostics version 9.24 IP1, 9.26 , 9.26IP1 was found. | ||||
| CVE-2016-8517 | 1 Hp | 1 Systems Insight Manager | 2024-11-21 | N/A |
| A cross site scripting vulnerability in HPE Systems Insight Manager in all versions prior to 7.6 was found. | ||||
| CVE-2016-7394 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | N/A |
| tiki wiki cms groupware <=15.2 has a xss vulnerability, allow attackers steal user's cookie. | ||||
| CVE-2016-6810 | 1 Apache | 1 Activemq | 2024-11-21 | N/A |
| In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation. | ||||
| CVE-2016-6588 | 1 Symantec | 1 It Management Suite | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0. | ||||
| CVE-2016-6556 | 1 Opennms | 1 Opennms | 2024-11-21 | 7.1 High |
| OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016. | ||||
| CVE-2016-6555 | 1 Opennms | 1 Opennms | 2024-11-21 | 7.1 High |
| OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016. | ||||
| CVE-2016-6343 | 1 Redhat | 3 Jboss Bpm Suite, Jboss Bpms, Jboss Data Virtualization | 2024-11-21 | N/A |
| JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of script code within the context of the affected user. | ||||
| CVE-2016-6217 | 2 Linux, Sophos | 2 Linux Kernel, Puremessage | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2016-6154 | 2 Microsoft, Watchguard | 2 Windows, Fireware | 2024-11-21 | N/A |
| The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | ||||
| CVE-2016-5819 | 1 Moxa | 10 Oncell G3100v2, Oncell G3100v2 Firmware, Oncell G3111 and 7 more | 2024-11-21 | N/A |
| Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser within the trust relationship between their browser and the server. | ||||
| CVE-2016-5236 | 1 F5 | 1 Websafe Alert Server | 2024-11-21 | N/A |
| Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature. | ||||
| CVE-2016-5235 | 1 F5 | 1 Websafe Alert Server | 2024-11-21 | N/A |
| A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, aka F5 WebSafe Alert Server, allows an unauthenticated user to inject HTML via a crafted alert. | ||||
| CVE-2016-4406 | 1 Hp | 3 Integrated Lights-out, Integrated Lights-out 3 Firmware, Integrated Lights-out 4 Firmware | 2024-11-21 | N/A |
| A remote cross site scripting vulnerability was identified in HPE iLO 3 all version prior to v1.88 and HPE iLO 4 all versions prior to v2.44. | ||||
| CVE-2016-4400 | 1 Hp | 1 Network Node Manager I | 2024-11-21 | N/A |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | ||||
| CVE-2016-4399 | 1 Hp | 1 Network Node Manager I | 2024-11-21 | N/A |
| A security vulnerability was identified in HP Network Node Manager i (NNMi) Software 10.00, 10.01 (patch1), 10.01 (patch 2), 10.10. The vulnerability could result in cross-site scripting (XSS). | ||||
| CVE-2016-4392 | 1 Hp | 1 Business Service Management | 2024-11-21 | N/A |
| A remote cross site scripting vulnerability has been identified in HP Business Service Management software v9.1x, v9.20 - v9.25IP1. | ||||