CVE-2016-1609
Published 2016-08-01
CVE-2016-1609: Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated…
Priority: P4 · 29 · medium · 5.4 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 3.24% (86.7th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mongodb | mongodb | >= 0 < 1:2.4.9-1ubuntu2+esm2 | 1:2.4.9-1ubuntu2+esm2 |
| mongodb | mongodb | >= 0 < 1:2.6.10-0ubuntu1+esm2 | 1:2.6.10-0ubuntu1+esm2 |
| mongodb | mongodb | >= 0 < 1:3.6.3-0ubuntu1.4+esm1 | 1:3.6.3-0ubuntu1.4+esm1 |
| novell | filr | <= 1.2 | — |
| novell | filr | <= 2.0 | — |
CVSS provenance
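| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.4 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | — | 5.0 | MEDIUM | — |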
OSV
mongodb vulnerabilities
osv·2026-02-25·CVSS 5.0
CVE-2015-1609 mongodb vulnerabilities
Eliot Horowitz discovered that MongoDB may fail to validate some instances
of malformed BSON. A remote attacker could possibly use this issue to cause
MongoDB to crash, resulting in a denial of service. This issue only
affected Ubuntu 14.04 LTS. (CVE-2015-1609)
It was discovered that MongoDB read raw permissions from .dbshell history
files. A local attacker could possibly use this issue to obtain sensitive
information. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04
LTS. (CVE-2016-6494)
Travis Brown discovered that MongoDB may be unable to parse specially
crafted UTF-8 strings in BSON requests. A remote attacker could possibly
use this issue to cause MongoDB to crash, resulting in a denial of service.
This issue only affected Ubuntu 18.04 LTS. (CVE-201
GHSA
GHSA-wgfp-j8vx-9mxq: Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1
ghsa_unreviewed·2022-05-17
CVE-2016-1609 [MEDIUM] CWE-79 GHSA-wgfp-j8vx-9mxq: Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1
Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.
No detection rules found.
No writeups or analysis indexed.
http://seclists.org/bugtraq/2016/Jul/119
http://www.securityfocus.com/bid/92113
https://download.novell.com/Download?buildid=3V-3ArYN85I~
https://download.novell.com/Download?buildid=BOTiHcBFfv0~
https://www.exploit-db.com/exploits/40161/
https://www.novell.com/support/kb/doc.php?id=7017787