Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2018-01-16 | CVE-2015-7485 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager | Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network | low complexity | ibm | CWE-79 | 5.4 |
| 2018-01-16 | CVE-2015-7474 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager | Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network | low complexity | ibm | CWE-79 | 5.4 |
| 2018-01-16 | CVE-2014-6071 | Cross-site Scripting vulnerability in jQuery 1.4.2 | jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after. | network | low complexity | jquery | CWE-79 | 6.1 |
| 2018-01-16 | CVE-2014-6027 | Cross-site Scripting vulnerability in TorrentFlux Project TorrentFlux 2.4 | Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details. | network | low complexity | torrentflux-project | CWE-79 | 6.1 |
| 2018-01-16 | CVE-2018-5712 | Cross-site Scripting vulnerability in multiple products | An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. | network | low complexity | php debian canonical | CWE-79 | 6.1 |
| 2018-01-16 | CVE-2017-18032 | Cross-site Scripting vulnerability in Wpdownloadmanager WordPress Download Manager | The download-manager plugin before 2.9.52 for WordPress has XSS via the id parameter in a wpdm_generate_password action to wp-admin/admin-ajax.php. | network | low complexity | wpdownloadmanager | CWE-79 | 6.1 |
| 2018-01-15 | CVE-2018-5479 | Cross-site Scripting vulnerability in FoxSash ImgHosting 1.5 | FoxSash ImgHosting 1.5 (according to footer information) is vulnerable to XSS attacks. | network | low complexity | foxsash | CWE-79 | 6.1 |
| 2018-01-14 | CVE-2018-5688 | Cross-site Scripting vulnerability in ILIAS | ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader function in setup/classes/class.ilSetupGUI.php in the Setup component. | network | low complexity | ilias | CWE-79 | 6.1 |
| 2018-01-14 | CVE-2018-5692 | Cross-site Scripting vulnerability in Piwigo 2.8.2 | Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, `installstatus`, and `display` parameters of the `admin.php` file. | network | low complexity | piwigo | CWE-79 | 6.1 |
| 2018-01-14 | CVE-2018-5691 | Cross-site Scripting vulnerability in SonicWall Analyzer and Global Management System | SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` and `Name` values of the `/sgms/TreeControl` module. | network | low complexity | sonicwall | CWE-79 | 5.4 |