Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-12-29 CVE-2016-7463 Cross-site Scripting vulnerability in VMware ESXi 5.5/6.0
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM.
Risk: 5.4 (network, low complexity); vendor: vmware; CWE-79
2016-12-25 CVE-2016-9681 Cross-site Scripting vulnerability in S9Y Serendipity
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.
Risk: 5.4 (network, low complexity); vendor: s9y; CWE-79
2016-12-24 CVE-2016-10006 Cross-site Scripting vulnerability in Antisamy Project Antisamy
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code.
Risk: 6.1 (network, low complexity); vendor: antisamy-project; CWE-79
2016-12-23 CVE-2016-9889 Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware
Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php.
Risk: 6.1 (network, low complexity); vendor: tiki; CWE-79
2016-12-20 CVE-2016-9757 Cross-site Scripting vulnerability in Rapid7 Nexpose 6.4.12
In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field.
Risk: 5.4 (network, low complexity); vendor: rapid7; CWE-79
2016-12-20 CVE-2016-5303 Cross-site Scripting vulnerability in Horde Groupware 5.2.15
Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde Groupware Webmail Edition before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via crafted data:text/html content in a form (1) action or (2) xlink attribute.
Risk: 6.1 (network, low complexity); vendor: horde; CWE-79
2016-12-20 CVE-2016-4552 Cross-site Scripting vulnerability in Roundcube Webmail 1.2
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.
Risk: 6.1 (network, low complexity); vendor: roundcube; CWE-79
2016-12-20 CVE-2016-7282 Cross-site Scripting vulnerability in Microsoft Edge and Internet Explorer
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
Risk: 6.1 (network, low complexity); vendor: microsoft; CWE-79
2016-12-20 CVE-2016-7280 Cross-site Scripting vulnerability in Microsoft Edge
Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7206.
Risk: 6.1 (network, low complexity); vendor: microsoft; CWE-79
2016-12-20 CVE-2016-7206 Cross-site Scripting vulnerability in Microsoft Edge
Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280.
Risk: 6.1 (network, low complexity); vendor: microsoft; CWE-79