Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-11-01 CVE-2017-1554 Cross-site Scripting vulnerability in IBM Infosphere Biginsights 4.2.0/4.2.5
IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote attacker to hijack the clicking action of the victim.
network
low complexity
ibm CWE-79
5.4
5.4
2017-11-01 CVE-2017-1553 Cross-site Scripting vulnerability in IBM Infosphere Biginsights 4.2.0/4.2.5
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-11-01 CVE-2017-1552 Cross-site Scripting vulnerability in IBM Infosphere Biginsights 4.2.0/4.2.5
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link injection.
network
low complexity
ibm CWE-79
5.4
5.4
2017-11-01 CVE-2017-1290 Cross-site Scripting vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-11-01 CVE-2017-1147 Cross-site Scripting vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-11-01 CVE-2016-3048 Cross-site Scripting vulnerability in IBM Openpages GRC Platform
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-11-01 CVE-2017-1001001 Cross-site Scripting vulnerability in Pluxml 5.6
PluXml version 5.6 is vulnerable to stored cross-site scripting vulnerability, within the article creation page, which can result in escalation of privileges.
network
low complexity
pluxml CWE-79
5.4
5.4
2017-10-31 CVE-2017-15273 Cross-site Scripting vulnerability in Mahara
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts.
network
low complexity
mahara CWE-79
5.4
5.4
2017-10-31 CVE-2017-14752 Cross-site Scripting vulnerability in Mahara
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as their first name, last name, or display name in the profile fields that can cause issues such as escalation of privileges or unknown execution of malicious code when replying to messages in Mahara.
network
low complexity
mahara CWE-79
5.4
5.4
2017-10-31 CVE-2017-14357 Cross-site Scripting vulnerability in HP products
A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ArcSight ESM and HP ArcSight ESM Express, in any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1.
network
low complexity
hp CWE-79
6.1
6.1