Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-02-22 CVE-2017-3838 Cross-site Scripting vulnerability in Cisco Secure Access Control System 5.8(2.5)
A vulnerability in Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to conduct a DOM-based cross-site scripting (XSS) attack against the user of the web interface of the affected system.
network
low complexity
cisco CWE-79
6.1
6.1
2017-02-22 CVE-2017-3833 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 12.0(0.99999.2)
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software.
network
low complexity
cisco CWE-79
6.1
6.1
2017-02-22 CVE-2017-3829 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
6.1
2017-02-22 CVE-2017-3828 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.0(1.10000.10)/11.5(1.10000.6)
A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
6.1
2017-02-22 CVE-2017-3821 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 10.5(2.14076.1)
A vulnerability in the serviceability page of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct reflected cross-site scripting (XSS) attacks.
network
low complexity
cisco CWE-79
6.1
6.1
2017-02-21 CVE-2016-9316 Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance
Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages.
network
low complexity
trendmicro CWE-79
5.4
5.4
2017-02-20 CVE-2017-2361 Cross-site Scripting vulnerability in Apple mac OS X
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-79
6.1
6.1
2017-02-20 CVE-2016-7762 Cross-site Scripting vulnerability in Apple Iphone OS
An issue was discovered in certain Apple products.
network
low complexity
apple CWE-79
6.1
6.1
2017-02-20 CVE-2016-7650 Cross-site Scripting vulnerability in Apple Iphone OS
An issue was discovered in certain Apple products.
network
high complexity
apple CWE-79
4.7
4.7
2017-02-17 CVE-2016-7111 Cross-site Scripting vulnerability in Mantisbt
MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content Security Policy when using the Gravatar plugin, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
network
high complexity
mantisbt CWE-79
4.7
4.7