Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-10 | CVE-2017-16878 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os Cross-site scripting (XSS) vulnerability in the Captive Portal function in Palo Alto Networks PAN-OS before 8.0.7 allows remote attackers to inject arbitrary web script or HTML by leveraging an unspecified configuration. | 6.1 |
| 2018-01-10 | CVE-2017-15941 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.7, when the GlobalProtect gateway or portal is configured, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2018-01-10 | CVE-2017-16514 | Cross-site Scripting vulnerability in Websitebaker 2.10.0 Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities in the files /wb/admin/admintools/tool.php (Droplet Description) and /install/index.php (Site Title) in WebsiteBaker 2.10.0 allow attackers to insert persistent JavaScript code that gets reflected back to users in multiple areas in the application. | 6.1 |
| 2018-01-10 | CVE-2017-1623 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. | 6.1 |
| 2018-01-10 | CVE-2017-1533 | Cross-site Scripting vulnerability in IBM Security Access Manager 9.0 Firmware IBM Security Access Manager Appliance 9.0.3 is vulnerable to cross-site scripting. | 6.1 |
| 2018-01-10 | CVE-2016-6810 | Cross-site Scripting vulnerability in Apache Activemq In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. | 6.1 |
| 2018-01-10 | CVE-2017-15717 | Cross-site Scripting vulnerability in Apache products A flaw in the way URLs are escaped and encoded in the org.apache.sling.xss.impl.XSSAPIImpl#getValidHref and org.apache.sling.xss.impl.XSSFilterImpl#isValidHref allows special crafted URLs to pass as valid, although they carry XSS payloads. | 6.1 |
| 2018-01-10 | CVE-2018-5331 | Cross-site Scripting vulnerability in Discuz Discuzx X3.4 Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | 5.4 |
| 2018-01-10 | CVE-2017-1000428 | Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 1.4.6 flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string. | 6.1 |
| 2018-01-10 | CVE-2016-10257 | Cross-site Scripting vulnerability in Broadcom Advanced Secure Gateway and Symantec Proxysg The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. | 6.1 |