Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-03-31 CVE-2017-7363 Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04
Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack.
network
low complexity
lucidcrew CWE-79
6.1
6.1
2017-03-31 CVE-2017-7362 Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04
Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack.
network
low complexity
lucidcrew CWE-79
6.1
6.1
2017-03-31 CVE-2017-7361 Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04
Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack.
network
low complexity
lucidcrew CWE-79
6.1
6.1
2017-03-31 CVE-2017-7360 Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04
Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack.
network
low complexity
lucidcrew CWE-79
6.1
6.1
2017-03-31 CVE-2017-7359 Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04
Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack.
network
low complexity
lucidcrew CWE-79
6.1
6.1
2017-03-31 CVE-2017-7309 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter.
network
low complexity
mantisbt CWE-79
4.8
4.8
2017-03-31 CVE-2017-7241 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it.
network
low complexity
mantisbt CWE-79
4.8
4.8
2017-03-31 CVE-2017-6973 Cross-site Scripting vulnerability in Mantisbt
A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code through a crafted 'action' parameter.
network
low complexity
mantisbt CWE-79
4.8
4.8
2017-03-30 CVE-2017-7320 Cross-site Scripting vulnerability in Modx Revolution
setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct HTTP Response Splitting attacks with resultant XSS, via an invalid parameter value.
network
low complexity
modx CWE-79
6.1
6.1
2017-03-29 CVE-2017-5900 Cross-site Scripting vulnerability in Netcomm Nb16Wv-02 Firmware Nb16Wvr0.09
Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 router with firmware NB16WV_R0.09 allows remote authenticated users to inject arbitrary web script or HTML via the S801F0334 parameter to hdd.htm.
network
low complexity
netcomm CWE-79
5.4
5.4