Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-10-17 | CVE-2017-15538 | Cross-site Scripting vulnerability in Ilias | Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php. | network | low complexity | ilias | CWE-79 | 5.4 |
| 2017-10-17 | CVE-2014-9677 | Cross-site Scripting vulnerability in Flowpaper Flexpaper | Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the Swfile parameter. | network | low complexity | flowpaper | CWE-79 | 6.1 |
| 2017-10-16 | CVE-2014-0208 | Cross-site Scripting vulnerability in Theforeman Foreman | Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name. | network | low complexity | theforeman | CWE-79 | 5.4 |
| 2017-10-16 | CVE-2017-15384 | Cross-site Scripting vulnerability in PHPjabbers Rate ME 1.0 | rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. | network | low complexity | phpjabbers | CWE-79 | 6.1 |
| 2017-10-16 | CVE-2017-15294 | Cross-site Scripting vulnerability in SAP Customer Relationship Management | The Java administration console in SAP CRM has XSS. | network | low complexity | sap | CWE-79 | 6.1 |
| 2017-10-16 | CVE-2014-8087 | Cross-site Scripting vulnerability in Post Highlights Projects Post Highlights | Cross-site scripting (XSS) vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/ph_save.php. | network | low complexity | post-highlights-projects | CWE-79 | 6.1 |
| 2017-10-16 | CVE-2014-0029 | Cross-site Scripting vulnerability in Redhat Subscription Asset Manager 1.0.0 | Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | network | low complexity | redhat | CWE-79 | 6.1 |
| 2017-10-16 | CVE-2017-15375 | Cross-site Scripting vulnerability in Wpjobboard 4.5.1 | Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. | network | low complexity | wpjobboard | CWE-79 | 6.1 |
| 2017-10-16 | CVE-2017-15374 | Cross-site Scripting vulnerability in Shopware | Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. | network | low complexity | shopware | CWE-79 | 6.1 |
| 2017-10-16 | CVE-2017-15362 | Cross-site Scripting vulnerability in Osticket 1.10.1 | osTicket 1.10.1 allows arbitrary client-side JavaScript code execution on victims who click a crafted support/scp/tickets.php?status= link, aka XSS. | network | low complexity | osticket | CWE-79 | 6.1 |