Total
36825 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-15032 | 1 Mh Httpbl Project | 1 Mh Httpbl | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in mback2k mh_httpbl Extension up to 1.1.7 on TYPO3. This affects the function stopOutput of the file class.tx_mhhttpbl.php. The manipulation of the argument $_SERVER['REMOTE_ADDR'] leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.1.8 is able to address this issue. The patch is named a754bf306a433a8c18b55e25595593e8f19b9463. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2016-15029 | 1 Mapicoin Project | 1 Mapicoin | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability has been found in Ydalb mapicoin up to 1.9.0 and classified as problematic. This vulnerability affects unknown code of the file webroot/stats.php. The manipulation of the argument link/search leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.10.0 is able to address this issue. The patch is identified as 67e87f0f0c1ac238fcd050f4c3db298229bc9679. It is recommended to upgrade the affected component. VDB-223402 is the identifier assigned to this vulnerability. | |||||
| CVE-2016-15027 | 1 Metaphorcreations | 1 Post Duplicator | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in meta4creations Post Duplicator Plugin 2.18 on WordPress. It has been classified as problematic. Affected is the function mtphr_post_duplicator_notice of the file includes/notices.php. The manipulation of the argument post-duplicated leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.19 is able to address this issue. The name of the patch is ca67c05e490c0cf93a1e9b2d93bfeff3dd96f594. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-221496. | |||||
| CVE-2016-15025 | 1 Generator-hottowel Project | 1 Generator-hottowel | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, was found in generator-hottowel 0.0.11. Affected is an unknown function of the file app/templates/src/server/_app.js of the component 404 Error Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is c17092fd4103143a9ddab93c8983ace8bf174396. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221484. | |||||
| CVE-2016-15022 | 1 Cimage | 1 Cimage | 2024-11-21 | 1.7 LOW | 2.0 LOW |
| A vulnerability was found in mosbth cimage up to 0.7.18. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site scripting. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.7.19 is able to address this issue. The patch is named 401478c8393989836beeddfeac5ce44570af162b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-219715. | |||||
| CVE-2016-15010 | 1 Django-ucamlookup Project | 1 Django-ucamlookup | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. Affected by this vulnerability is an unknown functionality of the component Lookup Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.9.2 is able to address this issue. The identifier of the patch is 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3. It is recommended to upgrade the affected component. The identifier VDB-217441 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2016-15008 | 1 Coebot-www Project | 1 Coebot-www | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the function displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir of the file js/channel.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. The patch is named c1a6c44092585da4236237e0e7da94ee2996a0ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217355. | |||||
| CVE-2016-11085 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element. | |||||
| CVE-2016-11083 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. | |||||
| CVE-2016-11082 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. | |||||
| CVE-2016-11079 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. | |||||
| CVE-2016-11073 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. | |||||
| CVE-2016-11071 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. | |||||
| CVE-2016-11070 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. | |||||
| CVE-2016-11063 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview. | |||||
| CVE-2016-11016 | 1 Netgear | 2 Jnr1010, Jnr1010 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. | |||||
| CVE-2016-11013 | 1 Agentevolution | 1 Impress Listings | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. | |||||
| CVE-2016-11012 | 1 Solaplugins | 1 Sola Support Tickets | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. | |||||
| CVE-2016-11005 | 1 Elfsight | 1 Instalinker | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. | |||||
| CVE-2016-11001 | 1 Plugin-planet | 1 User Submitted Posts | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. | |||||