Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-10-31 CVE-2017-3933 Cross-site Scripting vulnerability in McAfee Network Data Loss Prevention
Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack.
network
low complexity
mcafee CWE-79
5.4
2017-10-31 CVE-2017-14373 Cross-site Scripting vulnerability in EMC RSA Authentication Manager
EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a reflected cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.
network
low complexity
emc CWE-79
6.1
2017-10-31 CVE-2016-10699 Cross-site Scripting vulnerability in D-Link DSL-2740E Firmware 1.00Bg20150720
D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them.
network
low complexity
dlink CWE-79
6.1
2017-10-30 CVE-2017-16230 Cross-site Scripting vulnerability in Typecho
In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add a payload in the article content, resulting in XSS via index.php/action/contents-post-edit.
network
low complexity
typecho CWE-79
5.4
2017-10-30 CVE-2012-5636 Cross-site Scripting vulnerability in Apache Wicket
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to <script> tags in a rendered response.
network
low complexity
apache CWE-79
6.1
2017-10-30 CVE-2017-15888 Cross-site Scripting vulnerability in Synology Audio Station
Cross-site scripting (XSS) vulnerability in Custom Internet Radio List in Synology Audio Station before 6.3.0-3260 allows remote authenticated attackers to inject arbitrary web script or HTML via the NAME parameter.
network
low complexity
synology CWE-79
5.4
2017-10-30 CVE-2009-1198 Cross-site Scripting vulnerability in Apache jUDDI
Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to happyjuddi.jsp.
network
low complexity
apache CWE-79
6.1
2017-10-30 CVE-2017-12460 Cross-site Scripting vulnerability in Barco products
An issue was discovered in Barco ClickShare CSM-1 firmware before v1.7.0.3 and CSC-1 firmware before v1.10.0.10.
network
low complexity
barco CWE-79
5.4
2017-10-28 CVE-2017-15948 Cross-site Scripting vulnerability in Edgeofmyseat Perch 3.0.3
Perch Content Management System 3.0.3 allows unrestricted file upload (with resultant XSS) via the Asset Title field in conjunction with the Select File field.
network
low complexity
edgeofmyseat CWE-79
4.8
2017-10-28 CVE-2017-15947 Cross-site Scripting vulnerability in Aspsource Simple ASC Content Management System 1.2
Simple ASC Content Management System v1.2 has XSS in the location field in the sign function, related to guestbook.asp, formgb.asp, and msggb.asp.
network
low complexity
aspsource CWE-79
5.4