Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2017-03-19	CVE-2016-8855	Cross-site Scripting vulnerability in Sitecore Experience Platform 8.1 Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. network low complexity sitecore CWE-79	6.1
2017-03-17	CVE-2017-3874	Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.11007.2) A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. network low complexity cisco CWE-79	5.4
2017-03-17	CVE-2017-3872	Cross-site Scripting vulnerability in Cisco Unified Communications Manager A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. network low complexity cisco CWE-79	6.1
2017-03-17	CVE-2017-3868	Cross-site Scripting vulnerability in Cisco Unified Computing System Director 6.0(0.0) A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. network low complexity cisco CWE-79	6.1
2017-03-17	CVE-2017-3866	Cross-site Scripting vulnerability in Cisco Prime Service Catalog 11.1.2/11.1Base A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. network low complexity cisco CWE-79	6.1
2017-03-17	CVE-2015-3883	Cross-site Scripting vulnerability in Qdpm 8.3 Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "Name of application" on index.php/configuration; (3) a new project name on index.php/projects; (4) the task name on index.php/tasks; (5) ticket name on index.php/tickets; (6) discussion name on index.php/discussions; (7) report name on index.php/projectReports; or (8) event name on index.php/scheduler/personal. network low complexity qdpm CWE-79	6.1
2017-03-17	CVE-2014-8707	Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.2 Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option. network low complexity pluck-cms CWE-79	5.4
2017-03-17	CVE-2014-8703	Cross-site Scripting vulnerability in Wondercms 2014 Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML. network low complexity wondercms CWE-79	6.1
2017-03-17	CVE-2017-6958	Cross-site Scripting vulnerability in Mantisbt Source Integration An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter. network low complexity mantisbt CWE-79	6.1
2017-03-17	CVE-2017-0110	Cross-site Scripting vulnerability in Microsoft Exchange Server 2013 Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." network low complexity microsoft CWE-79	6.1