Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-10-27 CVE-2016-6440 Improper Input Validation vulnerability in Cisco Unified Communications Manager 11.5(0.99838.4)
The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack.
network
low complexity
cisco CWE-20
6.5
2016-10-27 CVE-2016-6438 Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XE
A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device.
network
high complexity
cisco CWE-264
5.9
2016-10-27 CVE-2016-6437 Resource Management Errors vulnerability in Cisco Wide Area Application Services
A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space.
network
high complexity
cisco CWE-399
5.9
2016-10-27 CVE-2016-1000121 Cross-site Scripting vulnerability in Huge-It Slider 1.0.9
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension
network
low complexity
huge-it CWE-79
4.8
2016-10-27 CVE-2016-1598 Cross-site Scripting vulnerability in Novell products
XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.
network
low complexity
novell CWE-79
5.4
2016-10-27 CVE-2016-1592 Cross-site Scripting vulnerability in Netiq Identity Manager 4.5
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.
network
low complexity
netiq CWE-79
6.1
2016-10-27 CVE-2015-0787 Cross-site Scripting vulnerability in Netiq Identity Manager 4.5
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.
network
low complexity
netiq CWE-79
6.1
2016-10-26 CVE-2016-8506 Cross-site Scripting vulnerability in Yandex Browser
XSS in Yandex Browser Translator in Yandex Browser for desktop, versions from 15.12 to 16.2, could be used by a remote attacker to evaluate arbitrary JavaScript code.
network
low complexity
yandex CWE-79
6.1
2016-10-26 CVE-2016-8505 Cross-site Scripting vulnerability in Yandex Yandex.Browser 16.4.0.94.4
XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6.
network
low complexity
yandex CWE-79
6.1
2016-10-26 CVE-2016-8504 Cross-Site Request Forgery (CSRF) vulnerability in Yandex Browser
CSRF of the synchronization form in Yandex Browser for desktop before version 16.6 could be used by a remote attacker to steal data saved in the browser profile.
network
low complexity
yandex CWE-352
4.3