CVE-2016-1609

Name: CVE-2016-1609
Creator: NVD / NIST
Published: 2016-08-01T02:59:06.777+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.24%

Last modified Jun 17, 2026

CVE-2016-1609 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.. EPSS estimates a 3.24% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.

Metrics

EPSS Probability

3.24%

86.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-79

Affected Software

Vendor	Product	Versions	Update
Novell	Filr	<= 1.2	Security Update 2
Novell	Filr	<= 2.0	Security Update 1

References

Timeline

Published: Aug 1, 2016
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2016-1609?

How severe is CVE-2016-1609?

Severity scoring for CVE-2016-1609 is pending analysis. The EPSS model estimates a 3.24% probability of exploitation in the next 30 days.

How do I fix CVE-2016-1609?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2016-1609?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST