CVE-2016-3968
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2016-3968
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam CR100iNG UTM appliance with firmware 10.6.3 MR-1 build 503, CR35iNG UTM appliance with firmware 10.6.2 MR-1 build 383, and CR35iNG UTM appliance with firmware 10.6.2 Build 378 allow remote attackers to inject arbitrary web script or HTML via the (1) ipFamily parameter to corporate/webpages/trafficdiscovery/LiveConnections.jsp; the (2) ipFamily, (3) applicationname, or (4) username parameter to corporate/webpages/trafficdiscovery/LiveConnectionDetail.jsp; or the (5) X-Forwarded-For HTTP header.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
多款Sophos Cyberoam产品跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Sophos Cyberoam CR100iNG UTM、CR35iNG UTM和CR35iNG UTM都是英国Sophos公司的运行有CyberoamOS操作系统的新一代防火墙,它提供在线应用程序检测和控制、网页过滤、HTTPS检查、入侵防护等功能。 多款Sophos Cyberoam产品中存在跨站脚本漏洞,该漏洞源于corporate/webpages/trafficdiscovery/LiveConnections.jsp脚本没有充分过滤‘ipFamily’参数;corporate/webpages
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2016-3968
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2016-3968
请登录查看更多情报信息。
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5313.phpx_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2016-3968
Same Patch Batch · n/a · 2016-04-06 · 22 CVEs total
| CVE-2016-1290 | Cisco Prime Infrastructure和Cisco Evolved Programmable Network Manager Web API 安全绕过漏洞 | |
| CVE-2016-3118 | CA API Gateway CRLF注入漏洞 | |
| CVE-2016-3969 | McAfee Email Gateway 跨站脚本漏洞 | |
| CVE-2016-2292 | Pro-face GP-Pro EX 基于栈的缓冲区错误漏洞 | |
| CVE-2016-2291 | Pro-face GP-Pro EX 拒绝服务漏洞 | |
| CVE-2016-2290 | Pro-face GP-Pro EX 基于堆的缓冲区错误漏洞 | |
| CVE-2016-2277 | Rockwell Automation Integrated Architecture Builder 任意代码执行漏洞 | |
| CVE-2016-2272 | Eaton Lighting Systems EG2 Web Control 安全漏洞 | |
| CVE-2016-1346 | Cisco Mobility Services Engine TelePresence Server 拒绝服务漏洞 | |
| CVE-2016-1313 | 多款Cisco产品安全漏洞 | |
| CVE-2016-1291 | Cisco Prime Infrastructure和Cisco Evolved Programmable Network Manager 任意代码执行漏洞 | |
| CVE-2015-6312 | Cisco TelePresence Server 拒绝服务漏洞 | |
| CVE-2016-1174 | baserCMS Menubook插件跨站请求伪造漏洞 | |
| CVE-2016-1173 | baserCMS Menubook插件跨站脚本漏洞 | |
| CVE-2016-1172 | baserCMS Recruit插件跨站请求伪造漏洞 | |
| CVE-2016-1171 | baserCMS Recruit插件跨站脚本漏洞 | |
| CVE-2016-1170 | baserCMS Casebook插件跨站请求伪造漏洞 | |
| CVE-2016-1169 | baserCMS Casebook插件跨站脚本漏洞 | |
| CVE-2016-0871 | Eaton Lighting Systems EG2 Web Control 安全漏洞 | |
| CVE-2015-7921 | Pro-face GP-Pro EX 安全漏洞 |
Showing top 20 of 22 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2016-3968
No comments yet