Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-01-28 CVE-2017-5608 Cross-site Scripting vulnerability in Piwigo
Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename.
network
low complexity
piwigo CWE-79
6.1
6.1
2017-01-27 CVE-2017-3300 Cross-site Scripting vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework).
network
low complexity
oracle CWE-79
6.1
6.1
2017-01-27 CVE-2017-5599 Cross-site Scripting vulnerability in Eclinicalworks Patient Portal 7.0
An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13.
network
low complexity
eclinicalworks CWE-79
6.1
6.1
2017-01-26 CVE-2017-3802 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 12.0(0.99000.9)
A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.
network
low complexity
cisco CWE-79
6.1
6.1
2017-01-26 CVE-2017-3798 Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.12000.1)
A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device.
network
low complexity
cisco CWE-79
6.1
6.1
2017-01-26 CVE-2016-9222 Cross-site Scripting vulnerability in Cisco Netflow Generation Appliance 1.0(2)
A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
6.1
6.1
2017-01-25 CVE-2016-8215 Cross-site Scripting vulnerability in EMC RSA Security Analytics
EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-79
6.1
6.1
2017-01-24 CVE-2017-2929 Cross-site Scripting vulnerability in Adobe Acrobat 15.1.0.3
Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability.
network
low complexity
adobe CWE-79
6.1
6.1
2017-01-23 CVE-2016-4056 Cross-site Scripting vulnerability in Typo3
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.
network
low complexity
typo3 CWE-79
6.1
6.1
2017-01-23 CVE-2016-0765 Cross-site Scripting vulnerability in Elfden Eshop Plugin 6.3.14
Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter.
network
low complexity
elfden CWE-79
6.1
6.1