XSS and SQLi in huge IT gallery v1.1.5 for Joomla
Max CVSS
9.8
EPSS Score
1.27%
Published
2016-10-06
Updated
2019-12-19
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
8.8
EPSS Score
0.11%
Published
2016-01-15
Updated
2019-09-30
Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
8.8
EPSS Score
0.11%
Published
2016-02-15
Updated
2016-02-26
Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
8.8
EPSS Score
0.11%
Published
2016-01-02
Updated
2016-11-28
Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 before 7.5.1.3, and 7.6 before 7.6.0.4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
8.8
EPSS Score
0.11%
Published
2016-03-12
Updated
2018-10-17
Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
8.8
EPSS Score
0.11%
Published
2016-01-10
Updated
2016-01-12
Cross-site request forgery (CSRF) vulnerability in the PA_Theme_Creator application in IBM WebSphere Portal 8.5 CF08 through CF10 and Web Content Manager allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
8.8
EPSS Score
0.09%
Published
2016-06-26
Updated
2016-08-18
Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
8.8
EPSS Score
0.11%
Published
2016-11-30
Updated
2016-12-03
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless Framework. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue is a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
8.5
EPSS Score
0.17%
Published
2016-07-21
Updated
2017-09-01
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899.
Max CVSS
8.2
EPSS Score
42.77%
Published
2016-07-04
Updated
2020-07-15
Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via three unspecified parameters in an unknown JSP file.
Max CVSS
8.2
EPSS Score
0.24%
Published
2016-04-21
Updated
2017-09-03
Unspecified vulnerability in the Oracle Advanced Inbound Telephony component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to SDK client integration. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
8.2
EPSS Score
0.17%
Published
2016-07-21
Updated
2017-09-01
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Remote Launch. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue is a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
8.2
EPSS Score
0.17%
Published
2016-07-21
Updated
2017-09-01
Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Deliverables. NOTE: the previous information is from the July 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
8.2
EPSS Score
0.17%
Published
2016-07-21
Updated
2017-09-01
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 7.0 Feature Pack 8, 8.0.0.x before 8.0.0.10, and 8.0.1.x before 8.0.1.2 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
8.0
EPSS Score
0.08%
Published
2016-07-03
Updated
2019-09-30
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 allow remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
8.0
EPSS Score
0.08%
Published
2016-11-30
Updated
2016-12-23
Cross-site request forgery (CSRF) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3.1, in an unspecified non-default configuration, allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
Max CVSS
8.0
EPSS Score
0.08%
Published
2016-11-30
Updated
2016-12-01
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
7.6
EPSS Score
0.09%
Published
2016-09-18
Updated
2016-11-28
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.
Max CVSS
7.4
EPSS Score
0.32%
Published
2016-04-08
Updated
2017-09-08
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
Max CVSS
7.2
EPSS Score
0.20%
Published
2016-10-21
Updated
2017-11-13
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
Max CVSS
7.2
EPSS Score
0.12%
Published
2016-10-21
Updated
2017-03-28
XSS & SQLi in HugeIT slideshow v1.0.4
Max CVSS
7.2
EPSS Score
0.29%
Published
2016-10-21
Updated
2017-01-06
XSS & SQLi in HugeIT slideshow v1.0.4
Max CVSS
7.2
EPSS Score
0.29%
Published
2016-10-21
Updated
2018-05-02
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
Max CVSS
7.2
EPSS Score
0.29%
Published
2016-10-21
Updated
2018-05-02
SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla
Max CVSS
7.2
EPSS Score
0.32%
Published
2016-10-27
Updated
2016-12-22
497 vulnerabilities found