Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-11-15 CVE-2017-8808 Cross-site Scripting vulnerability in multiple products
MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 has XSS when the $wgShowExceptionDetails setting is false and the browser sends non-standard URL escaping.
network
low complexity
mediawiki debian CWE-79
6.1
2017-11-15 CVE-2017-12738 Cross-site Scripting vulnerability in Siemens Sm-2556 Firmware
An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with the firmware variants ENOS00, ERAC00, ETA2, ETLS00, MODi00, and DNPi00.
network
low complexity
siemens CWE-79
6.1
2017-11-15 CVE-2017-16821 Cross-site Scripting vulnerability in B3Log Symphony 2.2.0
b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java in the admin console, as demonstrated by a crafted X-Forwarded-For HTTP header that is mishandled during display of a client IP address in /admin/user/userid.
network
low complexity
b3log CWE-79
5.4
2017-11-14 CVE-2017-9394 Cross-site Scripting vulnerability in CA Identity Governance 12.6.0
A stored cross-site scripting vulnerability in CA Identity Governance 12.6 allows remote authenticated attackers to display HTML or execute script in the context of another user.
network
low complexity
ca CWE-79
5.4
2017-11-14 CVE-2017-16815 Cross-site Scripting vulnerability in Snapcreek Duplicator 1.2.28
installer.php in the Snap Creek Duplicator (WordPress Site Migration & Backup) plugin before 1.2.30 for WordPress has XSS because the values "url_new" (/wp-content/plugins/duplicator/installer/build/view.step4.php) and "logging" (wp-content/plugins/duplicator/installer/build/view.step2.php) are not filtered correctly.
network
low complexity
snapcreek CWE-79
6.1
2017-11-14 CVE-2017-9085 Cross-site Scripting vulnerability in Kodak Insite
Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 to 8.0 allow remote attackers to inject arbitrary web script via the (1) "paramFile" parameter to /Site/Troubleshooting/DiagnosticReport.asp, or (2) "paramFile" parameter to /Site/Troubleshooting/SpeedTest.asp.
network
low complexity
kodak CWE-79
6.1
2017-11-14 CVE-2017-16810 Cross-site Scripting vulnerability in Octopus Deploy
Cross-site scripting (XSS) vulnerability in the All Variables tab in Octopus Deploy 3.4.0-3.13.6 (fixed in 3.13.7) allows remote attackers to inject arbitrary web script or HTML via the Variable Set Name parameter.
network
low complexity
octopus CWE-79
5.4
2017-11-13 CVE-2017-16807 Cross-site Scripting vulnerability in Getkirby Panel
A cross-site scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
network
low complexity
getkirby CWE-79
5.4
2017-11-13 CVE-2017-16802 Cross-site Scripting vulnerability in Misp-Project Misp 2.4.82
In the sharingGroupPopulateOrganisations function in app/webroot/js/misp.js in MISP 2.4.82, there is XSS via a crafted organisation name that is manually added.
network
low complexity
misp-project CWE-79
5.4
2017-11-13 CVE-2017-7739 Cross-site Scripting vulnerability in Fortinet Fortios
A reflected Cross-site Scripting (XSS) vulnerability in web proxy disclaimer response web pages in Fortinet FortiOS 5.6.0, 5.4.0 to 5.4.5, 5.2.0 to 5.2.11 allows an unauthenticated attacker to inject arbitrary web script or HTML in the context of the victim's browser via sending a maliciously crafted URL to the victim.
network
low complexity
fortinet CWE-79
6.1