Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 7,358 matching records.
Displaying matches 7,081 through 7,100.
Vuln ID | Summary | CVSS Severity
CVE-2016-1000131

Reflected XSS in wordpress plugin e-search v1.0

Published: October 10, 2016; 4:59:06 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1000130

Reflected XSS in wordpress plugin e-search v1.0

Published: October 10, 2016; 4:59:05 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1000129

Reflected XSS in wordpress plugin defa-online-image-protector v3.3

Published: October 10, 2016; 4:59:04 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1000128

Reflected XSS in wordpress plugin anti-plagiarism v3.60

Published: October 10, 2016; 4:59:03 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1000127

Reflected XSS in wordpress plugin ajax-random-post v2.00

Published: October 10, 2016; 4:59:01 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1000126

Reflected XSS in wordpress plugin admin-font-editor v1.8

Published: October 10, 2016; 4:59:00 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1000007

Pagure 2.2.1 XSS in raw file endpoint

Published: October 07, 2016; 2:59:02 PM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1000114

XSS in huge IT gallery v1.1.5 for Joomla

Published: October 06, 2016; 10:59:20 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1000113

XSS and SQLi in huge IT gallery v1.1.5 for Joomla

Published: October 06, 2016; 10:59:19 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2015-1000004

XSS in filedownload v1.4 wordpress plugin

Published: October 06, 2016; 10:59:04 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-4618

Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

Published: September 25, 2016; 6:59:01 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-5164

Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)."

Published: September 11, 2016; 6:59:20 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-5148

Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)."

Published: September 11, 2016; 6:59:02 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-5147

Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."

Published: September 11, 2016; 6:59:00 AM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-5265

Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.

Published: August 04, 2016; 9:59:21 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2016-3273

The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

Published: July 12, 2016; 9:59:28 PM -0400
V3.0: 5.3 MEDIUM
V2.0: 2.6 LOW
CVE-2016-2863

Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Published: July 03, 2016; 5:59:12 PM -0400
V3.0: 8.0 HIGH
V2.0: 6.0 MEDIUM
CVE-2016-2901

Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

Published: June 25, 2016; 9:59:02 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2016-1864

The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.

Published: June 19, 2016; 4:59:11 PM -0400
V3.0: 4.3 MEDIUM
V2.0: 5.0 MEDIUM
CVE-2016-3212

The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."

Published: June 15, 2016; 9:59:16 PM -0400
V3.0: 6.1 MEDIUM
V2.0: 4.3 MEDIUM