CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
4651 CVE-2016-10851 79 XSS 2019-08-01 2019-08-06
3.5
None Remote Medium ??? None Partial None
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).
4652 CVE-2016-10827 79 XSS 2019-08-01 2019-08-07
3.5
None Remote Medium ??? None Partial None
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).
4653 CVE-2016-10822 79 XSS 2019-08-01 2019-08-07
3.5
None Remote Medium ??? None Partial None
cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).
4654 CVE-2016-10813 79 XSS 2019-08-01 2019-08-06
3.5
None Remote Medium ??? None Partial None
cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).
4655 CVE-2016-10806 79 XSS 2019-08-07 2019-08-09
3.5
None Remote Medium ??? None Partial None
cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110).
4656 CVE-2016-10784 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium ??? None Partial None
cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184).
4657 CVE-2016-10783 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium ??? None Partial None
cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182).
4658 CVE-2016-10782 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium ??? None Partial None
cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181).
4659 CVE-2016-10781 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium ??? None Partial None
cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180).
4660 CVE-2016-10780 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium ??? None Partial None
cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180).
4661 CVE-2016-10779 79 XSS 2019-08-06 2019-08-09
3.5
None Remote Medium ??? None Partial None
cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179).
4662 CVE-2016-10778 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium ??? None Partial None
cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178).
4663 CVE-2016-10777 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium ??? None Partial None
cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177).
4664 CVE-2016-10776 79 XSS 2019-08-06 2019-08-08
3.5
None Remote Medium ??? None Partial None
cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174).
4665 CVE-2016-10774 79 XSS 2019-08-05 2019-08-09
3.5
None Remote Medium ??? None Partial None
cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).
4666 CVE-2016-10767 79 XSS 2019-08-05 2019-08-09
3.5
None Remote Medium ??? None Partial None
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).
4667 CVE-2016-10763 79 XSS 2019-07-18 2019-07-18
3.5
None Remote Medium ??? None Partial None
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body.
4668 CVE-2016-10761 74 Bypass 2019-06-29 2019-07-08
3.3
None Local Network Low Not required None Partial None
Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack.
4669 CVE-2016-10737 79 XSS 2019-01-16 2019-01-23
3.5
None Remote Medium ??? None Partial None
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
4670 CVE-2016-10716 79 XSS 2018-03-16 2018-04-09
3.5
None Remote Medium ??? None Partial None
The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI.
4671 CVE-2016-10715 79 XSS 2018-03-16 2018-04-09
3.5
None Remote Medium ??? None Partial None
The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7#/kanban-view URI.
4672 CVE-2016-10537 79 XSS 2018-05-31 2019-10-09
3.5
None Remote Medium ??? None Partial None
backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON. There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `&lt;`.
4673 CVE-2016-10376 310 2017-05-28 2017-11-06
3.5
None Remote Medium ??? Partial None None
Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.
4674 CVE-2016-10223 284 Exec Code 2017-02-14 2017-02-16
3.5
None Remote Medium ??? None Partial None
An issue was discovered in BigTree CMS before 4.2.15. The vulnerability exists due to insufficient filtration of user-supplied data in the "id" HTTP GET parameter passed to the "core/admin/adjax/dashboard/check-module-integrity.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
4675 CVE-2016-10112 79 XSS 2017-01-04 2017-01-12
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.6.9 for WordPress allows remote authenticated administrators to inject arbitrary web script or HTML by providing crafted tax-rate table values in CSV format.
4676 CVE-2016-9989 79 XSS 2017-07-05 2017-07-12
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120555.
4677 CVE-2016-9988 79 XSS 2017-07-05 2017-07-12
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120554.
4678 CVE-2016-9987 79 XSS 2017-07-05 2017-07-12
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120553.
4679 CVE-2016-9986 79 XSS 2017-07-05 2017-07-12
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120552.
4680 CVE-2016-9983 200 +Info 2017-06-22 2017-06-26
3.5
None Remote Medium ??? Partial None None
IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275.
4681 CVE-2016-9980 79 XSS 2017-04-20 2017-04-27
3.5
None Remote Medium ??? None Partial None
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120256.
4682 CVE-2016-9979 79 XSS 2017-04-20 2017-04-27
3.5
None Remote Medium ??? None Partial None
IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120255.
4683 CVE-2016-9973 79 XSS 2017-06-13 2017-06-26
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209.
4684 CVE-2016-9891 79 XSS 2016-12-29 2017-01-03
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).
4685 CVE-2016-9757 79 XSS 2016-12-20 2016-12-27
3.5
None Remote Medium ??? None Partial None
In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field. Once this tag is viewed in the Tag Detail page of the Rapid7 Nexpose 6.4.12 UI by another authenticated user, the script is run in that user's browser context.
4686 CVE-2016-9747 79 XSS 2017-06-22 2017-06-28
3.5
None Remote Medium ??? None Partial None
IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4687 CVE-2016-9746 79 XSS 2017-07-05 2017-07-26
3.5
None Remote Medium ??? None Partial None
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119821.
4688 CVE-2016-9737 79 XSS 2017-03-27 2017-03-29
3.5
None Remote Medium ??? None Partial None
IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1996200.
4689 CVE-2016-9733 79 XSS 2017-07-05 2017-07-26
3.5
None Remote Medium ??? None Partial None
IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119762.
4690 CVE-2016-9732 79 XSS 2017-08-29 2017-09-02
3.5
None Remote Medium ??? None Partial None
IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119761.
4691 CVE-2016-9731 79 XSS 2017-02-01 2018-05-02
3.5
None Remote Medium ??? None Partial None
IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
4692 CVE-2016-9719 20 2017-07-31 2017-08-03
3.5
None Remote Medium ??? None Partial None
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 119733.
4693 CVE-2016-9718 79 XSS 2017-07-31 2017-08-03
3.5
None Remote Medium ??? None Partial None
IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119732.
4694 CVE-2016-9715 79 XSS 2017-07-31 2017-08-03
3.5
None Remote Medium ??? None Partial None
IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119728.
4695 CVE-2016-9701 79 XSS 2017-07-05 2017-07-26
3.5
None Remote Medium ??? None Partial None
IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 119529.
4696 CVE-2016-9696 79 Exec Code XSS 2017-03-20 2017-03-23
3.5
None Remote Medium ??? None Partial None
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference #: 1999960.
4697 CVE-2016-9694 79 XSS 2017-03-20 2017-03-23
3.5
None Remote Medium ??? None Partial None
IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference #: 1999960.
4698 CVE-2016-9681 79 XSS 2016-12-25 2016-12-30
3.5
None Remote Medium ??? None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.
4699 CVE-2016-9637 264 +Priv 2017-02-17 2018-02-08
3.7
None Local High Not required Partial Partial Partial
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.
4700 CVE-2016-9595 59 2018-07-27 2019-10-09
3.6
None Local Low Not required None Partial Partial
A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.