Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2017-11-13 | CVE-2017-16801 | Cross-site Scripting vulnerability in Octopus Deploy | Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter. | octopus | CWE-79 | network, low complexity, 5.4 |
| 2017-11-13 | CVE-2017-16792 | Cross-site Scripting vulnerability in Geminabox Project Geminabox | Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb. | geminabox-project | CWE-79 | network, low complexity, 6.1 |
| 2017-11-13 | CVE-2017-13819 | Cross-site Scripting vulnerability in Apple mac OS X | An issue was discovered in certain Apple products. | apple | CWE-79 | network, low complexity, 6.1 |
| 2017-11-12 | CVE-2017-16799 | Cross-site Scripting vulnerability in Cmsmadesimple 2.2.3.1 | In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, stored XSS is possible via the m1_name parameter to admin/moduleinterface.php during addition of a category, a related issue to CVE-2010-3882. | cmsmadesimple | CWE-79 | network, low complexity, 5.4 |
| 2017-11-12 | CVE-2017-16798 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.3.1 | In CMS Made Simple 2.2.3.1, the is_file_acceptable function in modules/FileManager/action.upload.php only blocks file extensions that begin or end with a "php" substring, which allows remote attackers to bypass intended access restrictions or trigger XSS via other extensions, as demonstrated by .phtml, .pht, .html, or .svg. | cmsmadesimple | CWE-79 | network, low complexity, 5.4 |
| 2017-11-10 | CVE-2017-16785 | Cross-site Scripting vulnerability in Cacti 1.1.27 | Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. | cacti | CWE-79 | network, low complexity, 6.1 |
| 2017-11-10 | CVE-2017-16784 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.2 | In CMS Made Simple 2.2.2, there is Reflected XSS via the cntnt01detailtemplate parameter. | cmsmadesimple | CWE-79 | network, low complexity, 6.1 |
| 2017-11-10 | CVE-2017-16782 | Cross-site Scripting vulnerability in Home-Assistant | In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS. | home-assistant | CWE-79 | network, low complexity, 6.1 |
| 2017-11-10 | CVE-2017-16781 | Cross-site Scripting vulnerability in Mybb | The installer in MyBB before 1.8.13 has XSS. | mybb | CWE-79 | network, low complexity, 5.4 |
| 2017-11-10 | CVE-2017-16765 | Cross-site Scripting vulnerability in Dlink Dwr-933 Firmware 1.00(Ww)B17 | XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. | dlink | CWE-79 | network, low complexity, 6.1 |