CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2016-1609

Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.014

EPSS Ranking 79.3%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

http://seclists.org/bugtraq/2016/Jul/119
http://www.securityfocus.com/bid/92113
https://download.novell.com/Download?buildid=3V-3ArYN85I~
https://download.novell.com/Download?buildid=BOTiHcBFfv0~
https://www.exploit-db.com/exploits/40161/
https://www.novell.com/support/kb/doc.php?id=7017787
http://seclists.org/bugtraq/2016/Jul/119
http://www.securityfocus.com/bid/92113
https://download.novell.com/Download?buildid=3V-3ArYN85I~
https://download.novell.com/Download?buildid=BOTiHcBFfv0~
https://www.exploit-db.com/exploits/40161/
https://www.novell.com/support/kb/doc.php?id=7017787

Products affected by CVE-2016-1609

Novell » Filr » Version: 1.2

cpe:2.3:a:novell:filr:1.2
Novell » Filr » Version: 2.0

cpe:2.3:a:novell:filr:2.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2016-1609

Products

Pricing

Contact Us