Vulnerabilities > Novell > Filr > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-01 | CVE-2016-1609 | Cross-site Scripting vulnerability in Novell Filr 1.2/2.0 Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile. | 5.4 |
| 2016-03-18 | CVE-2015-5968 | Cross-site Scripting vulnerability in Novell Filr 1.2 Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |