Security Vulnerabilities, CVEs, Published In 2015 (XSS) CVSS score >= 7
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string.
Max CVSS
7.5
EPSS Score
1.63%
Published
2015-11-05
Updated
2016-12-07
SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error.
Max CVSS
7.5
EPSS Score
0.21%
Published
2015-01-06
Updated
2017-09-08
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
Max CVSS
7.5
EPSS Score
0.16%
Published
2015-01-02
Updated
2017-09-08
3 vulnerabilities found