CVE-2016-1609 in Filr
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Reservation
01/12/2016
Disclosure
07/31/2016
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exp | Cou | CVE |
|---|---|---|---|---|---|
| 90393 | Novell Filr User Profile cross site scripting | 79 | Proof-of-Concept | Official fix | CVE-2016-1609 |