Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-12-18 CVE-2017-12630 Cross-site Scripting vulnerability in Apache Drill
In Apache Drill 1.11.0 and earlier, when submitting a form from the Query page, users are able to pass arbitrary script or HTML, which will take effect on the Profile page afterwards.
network
low complexity
apache CWE-79
5.4
2017-12-18 CVE-2017-17737 Cross-site Scripting vulnerability in Brightsign 4K242 Firmware 6.2.63
The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html.
network
low complexity
brightsign CWE-79
6.1
2017-12-17 CVE-2017-16950 Cross-site Scripting vulnerability in Urbackup Server
Cross-site scripting (XSS) vulnerability in UrBackup Server before 2.1.20 allows remote attackers to inject arbitrary web script or HTML via the action parameter.
network
low complexity
urbackup CWE-79
6.1
2017-12-16 CVE-2017-17714 Cross-site Scripting vulnerability in Boxug Trape
Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /register lat parameter, the /register lon parameter, the /register org parameter, the /register query parameter, the /register region parameter, the /register regionName parameter, the /register timezone parameter, the /register vId parameter, the /register zip parameter, or the /tping id parameter.
network
low complexity
boxug CWE-79
6.1
2017-12-16 CVE-2017-14134 Cross-site Scripting vulnerability in Maplesoft Maple T.A. 2016.0.6
A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A.
network
low complexity
maplesoft CWE-79
6.1
2017-12-16 CVE-2017-14093 Cross-site Scripting vulnerability in Trendmicro Scanmail 12.0
The Log Query and Quarantine Query pages in Trend Micro ScanMail for Exchange 12.0 are vulnerable to cross-site scripting (XSS) attacks.
network
low complexity
trendmicro CWE-79
6.1
2017-12-15 CVE-2017-17698 Cross-site Scripting vulnerability in Zohocorp Manageengine Password Manager PRO
Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec.
network
low complexity
zohocorp CWE-79
6.1
2017-12-15 CVE-2017-15890 Cross-site Scripting vulnerability in Synology Mailplus Server
Cross-site scripting (XSS) vulnerability in Disclaimer in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary web script or HTML via the NAME parameter.
network
low complexity
synology CWE-79
4.8
2017-12-15 CVE-2017-17694 Cross-site Scripting vulnerability in Techno - Portfolio Management Panel Project Techno - Portfolio Management Panel 1.0/20171116
Techno - Portfolio Management Panel through 2017-11-16 allows XSS via the panel/search.php s parameter.
5.4
2017-12-13 CVE-2017-1546 Cross-site Scripting vulnerability in IBM products
IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4