Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2017-04-10	CVE-2015-6021	Cross-site Scripting vulnerability in Spiceworks Desktop Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. network low complexity spiceworks CWE-79	6.1
2017-04-10	CVE-2015-2883	Cross-site Scripting vulnerability in Philips In.Sight B12037 Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. network low complexity philips CWE-79	5.4
2017-04-09	CVE-2017-7591	Cross-site Scripting vulnerability in Openidm Project Openidm 4.0.0/4.5.0 OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by the _sortKeys parameter to the authzRoles script under managed/user/. network low complexity openidm-project CWE-79	6.1
2017-04-09	CVE-2017-7590	Cross-site Scripting vulnerability in Openidm Project Openidm 4.0.0/4.5.0 OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name. network low complexity openidm-project CWE-79	6.1
2017-04-07	CVE-2017-7583	Cross-site Scripting vulnerability in Ilias ILIAS before 5.2.3 has XSS via SVG documents. network low complexity ilias CWE-79	6.1
2017-04-07	CVE-2017-3888	Cross-site Scripting vulnerability in Cisco Unified Communications Manager 12.0(0.98000.452) A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. network low complexity cisco CWE-79	5.4
2017-04-07	CVE-2017-3848	Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2)/3.0 A vulnerability in the HTTP web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected system. network low complexity cisco CWE-79	6.1
2017-04-07	CVE-2017-7579	Cross-site Scripting vulnerability in PHPmyfaq inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. network low complexity phpmyfaq CWE-79	6.1
2017-04-06	CVE-2016-1000307	Cross-site Scripting vulnerability in Clip-Bucket Clipbucket Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket v2.8.1 and probably prior allow Remote Attackers to inject arbitrary web script or HTML via (1) profile_desc, about_me, schools, occupation, companies, hobbies, fav_movies, fav_music, fav_books parameters to ProfileSettings page; (2) note parameter to PersonalNotes Section; (3) closed_msg, description, allowed_types parameters to WebsiteConfigurations Section. network low complexity clip-bucket CWE-79	6.1
2017-04-06	CVE-2015-4673	Cross-site Scripting vulnerability in Clip-Bucket Clipbucket 2.7.0.5 Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php. network low complexity clip-bucket CWE-79	5.4