Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-27 | CVE-2017-1593 | Cross-site Scripting vulnerability in IBM Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-11-27 | CVE-2017-1560 | Cross-site Scripting vulnerability in IBM Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-11-27 | CVE-2017-1461 | Cross-site Scripting vulnerability in IBM Rational Doors Next Generation IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-11-27 | CVE-2017-15051 | Cross-site Scripting vulnerability in Teampass Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass before 2.1.27.9 allow authenticated remote attackers to inject arbitrary web script or HTML via the (1) URL value of an item or (2) user log history. | 5.4 |
| 2017-11-27 | CVE-2017-8044 | Cross-site Scripting vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks. | 6.1 |
| 2017-11-27 | CVE-2017-16962 | Cross-site Scripting vulnerability in Communigate PRO The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component. | 6.1 |
| 2017-11-27 | CVE-2017-16956 | Cross-site Scripting vulnerability in Symphony Project Symphony 2.2.0 b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a private letter with a certain /article URI, and a second private letter with a modified title. | 6.1 |
| 2017-11-22 | CVE-2017-8178 | Cross-site Scripting vulnerability in Huawei Vicky-Al00 Firmware Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. | 5.4 |
| 2017-11-22 | CVE-2017-8139 | Cross-site Scripting vulnerability in Huawei Hedex Lite HedEx Earlier than V200R006C00 versions have the stored cross-site scripting (XSS) vulnerability. | 6.1 |
| 2017-11-22 | CVE-2017-8127 | Cross-site Scripting vulnerability in Huawei UMA V200R001 The UMA product with software V200R001 has a cross-site scripting (XSS) vulnerability due to insufficient input validation. | 6.1 |