Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2017-03-17	CVE-2017-0107	Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation 2013 Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability." network low complexity microsoft CWE-79	6.1
2017-03-17	CVE-2017-0055	Cross-site Scripting vulnerability in Microsoft products Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft IIS Server XSS Elevation of Privilege Vulnerability." network low complexity microsoft CWE-79	6.1
2017-03-17	CVE-2017-0017	Cross-site Scripting vulnerability in Microsoft Edge The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0065, and CVE-2017-0068. network low complexity microsoft CWE-79	6.1
2017-03-16	CVE-2016-0770	Cross-site Scripting vulnerability in Zahmit Design Connections Business Directory Plugin 8.5.8 Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable. network low complexity zahmit-design CWE-79	6.1
2017-03-16	CVE-2017-6061	Cross-site Scripting vulnerability in SAP Businessobjects Financial Consolidation 10.0.0.1933 Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. network low complexity sap CWE-79	4.7
2017-03-15	CVE-2016-7103	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. network low complexity jqueryui oracle fedoraproject netapp redhat juniper debian CWE-79	6.1
2017-03-15	CVE-2017-6443	Cross-site Scripting vulnerability in Epson Tmnet Webconfig 1.00 Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1. network low complexity epson CWE-79	6.1
2017-03-15	CVE-2017-5938	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the nav_path function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the nav_data name. network low complexity debian opensuse-project opensuse viewvc CWE-79	6.1
2017-03-15	CVE-2017-5584	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. network low complexity paloaltonetworks CWE-79	5.4
2017-03-15	CVE-2017-6909	Cross-site Scripting vulnerability in Shishnet Shimmie An issue was discovered in Shimmie <= 2.5.1. network low complexity shishnet CWE-79	6.1