Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-27 | CVE-2017-15936 | Cross-site Scripting vulnerability in Artica Pandora FMS 7.0 In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed. | 5.4 |
| 2017-10-27 | CVE-2017-15934 | Cross-site Scripting vulnerability in Artica Pandora FMS 7.0 Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site Scripting in the map name parameter. | 5.4 |
| 2017-10-27 | CVE-2017-7733 | Cross-site Scripting vulnerability in Fortinet Fortios A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter. | 6.1 |
| 2017-10-27 | CVE-2017-5085 | Cross-site Scripting vulnerability in Google Chrome 58.0.3029 Inappropriate implementation in Bookmarks in Google Chrome prior to 59 for iOS allowed a remote attacker who convinced the user to perform certain operations to run JavaScript on chrome:// pages via a crafted bookmark. | 6.1 |
| 2017-10-27 | CVE-2017-5069 | Cross-site Scripting vulnerability in multiple products Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to circumvent Cross-Origin Resource Sharing checks via a crafted HTML page. | 6.1 |
| 2017-10-26 | CVE-2017-1521 | Cross-site Scripting vulnerability in IBM Bigfix Platform 9.2/9.5 IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications (IBM BigFix Platform 9.2 and 9.5) is vulnerable to cross-site scripting. | 6.1 |
| 2017-10-26 | CVE-2012-4378 | Cross-site Scripting vulnerability in Mediawiki Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web script or HTML via the userlang parameter to w/index.php. | 6.1 |
| 2017-10-26 | CVE-2012-4377 | Cross-site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image. | 6.1 |
| 2017-10-26 | CVE-2017-15911 | Cross-site Scripting vulnerability in Igniterealtime Openfire The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. | 4.8 |
| 2017-10-26 | CVE-2017-12158 | Cross-site Scripting vulnerability in multiple products It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. | 5.4 |