Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-26 | CVE-2017-7732 | Cross-site Scripting vulnerability in Fortinet Fortimail A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests. | 6.1 |
| 2017-10-26 | CVE-2017-7335 | Cross-site Scripting vulnerability in Fortinet Fortiwlc A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests. | 5.4 |
| 2017-10-25 | CVE-2017-1363 | Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management IBM Team Concert (RTC) is vulnerable to cross-site scripting. | 5.4 |
| 2017-10-25 | CVE-2017-1169 | Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. | 5.4 |
| 2017-10-25 | CVE-2017-1164 | Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management IBM Jazz Foundation is vulnerable to cross-site scripting. | 5.4 |
| 2017-10-25 | CVE-2017-15885 | Cross-site Scripting vulnerability in Axis 2100 Network Camera Firmware 2.03 Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. | 6.1 |
| 2017-10-24 | CVE-2017-15881 | Cross-site Scripting vulnerability in Keystonejs Keystone Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 allows remote authenticated administrators to inject arbitrary web script or HTML via the "content brief" or "content extended" field, a different vulnerability than CVE-2017-15878. | 4.8 |
| 2017-10-24 | CVE-2017-15878 | Cross-site Scripting vulnerability in Keystonejs Keystone A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature. | 6.1 |
| 2017-10-24 | CVE-2017-1209 | Cross-site Scripting vulnerability in IBM Daeja Viewone IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. | 5.4 |
| 2017-10-24 | CVE-2016-3049 | Cross-site Scripting vulnerability in IBM Openpages GRC Platform 7.1/7.2/7.3 IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. | 5.4 |