Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-07 | CVE-2016-7136 | Cross-site Scripting vulnerability in Plone z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request. | 6.1 |
| 2017-03-07 | CVE-2016-4948 | Cross-site Scripting vulnerability in Cloudera Manager Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, (5) Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf, (6) Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf, (7) Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf, or (8) Active Directory Account Prefix fields in the Kerberos wizard; or (9) classicWizard parameter to cmf/cloudera-director/redirect. | 6.1 |
| 2017-03-07 | CVE-2016-4946 | Cross-site Scripting vulnerability in Cloudera HUE 3.9.0 Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page. | 6.1 |
| 2017-03-07 | CVE-2016-9148 | Cross-site Scripting vulnerability in CA Service Desk Manager 12.9/14.1 Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter. | 6.1 |
| 2017-03-06 | CVE-2017-5197 | Cross-site Scripting vulnerability in Silverstripe There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. | 6.1 |
| 2017-03-06 | CVE-2017-6503 | Cross-site Scripting vulnerability in Qbittorrent WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. | 6.1 |
| 2017-03-05 | CVE-2017-6446 | Cross-site Scripting vulnerability in Dotclear 2.11.2 XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters. | 6.1 |
| 2017-03-05 | CVE-2017-6491 | Cross-site Scripting vulnerability in Epesi 1.8.1.1 Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. | 6.1 |
| 2017-03-05 | CVE-2017-6490 | Cross-site Scripting vulnerability in Epesi 1.8.1.1 Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. | 6.1 |
| 2017-03-05 | CVE-2017-6489 | Cross-site Scripting vulnerability in Epesi 1.8.1.1 Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. | 6.1 |