Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-11-17 | CVE-2017-13700 | Cross-site Scripting vulnerability in Moxa Eds-G512E Firmware 5.1 An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. | 4.8 |
| 2017-11-17 | CVE-2017-16819 | Cross-site Scripting vulnerability in Icontime Rtc-1000 Firmware 2.5.7458 A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges. | 5.4 |
| 2017-11-17 | CVE-2017-4929 | Cross-site Scripting vulnerability in VMWare NSX Edge VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a moderate Cross-Site Scripting (XSS) issue which may lead to information disclosure. | 6.1 |
| 2017-11-17 | CVE-2017-10886 | Cross-site Scripting vulnerability in Cs-Cart and Cs-Cart Multivendor Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2017-11-17 | CVE-2017-1000225 | Cross-site Scripting vulnerability in Relevanssi 1.14.8 Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow unauthenticated attacker to do almost anything an admin can | 6.1 |
| 2017-11-17 | CVE-2017-1000223 | Cross-site Scripting vulnerability in Modx Revolution A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. | 5.4 |
| 2017-11-17 | CVE-2017-1000164 | Cross-site Scripting vulnerability in Tine20 Tine 2.0 2017.02.4 Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation | 5.4 |
| 2017-11-17 | CVE-2017-1000160 | Cross-site Scripting vulnerability in Expressionengine 3.4.2 EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection | 5.4 |
| 2017-11-17 | CVE-2017-1000236 | Cross-site Scripting vulnerability in I-Librarian I Librarian I, Librarian version <=4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site. | 6.1 |
| 2017-11-17 | CVE-2017-1000240 | Cross-site Scripting vulnerability in Open-Emr Openemr The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. | 5.4 |