Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-15 | CVE-2017-15360 | Cross-site Scripting vulnerability in Paessler Prtg Network Monitor 17.3.33.2830 PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored Cross-Site Scripting on all group names created, related to incorrect error handling for an HTML encoded script. | 5.4 |
| 2017-10-15 | CVE-2017-15305 | Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5 XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. | 6.1 |
| 2017-10-13 | CVE-2017-10612 | Cross-site Scripting vulnerability in Juniper Junos Space A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. | 8.0 |
| 2017-10-13 | CVE-2016-4923 | Cross-site Scripting vulnerability in Juniper Junos Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device. | 6.1 |
| 2017-10-13 | CVE-2017-11820 | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016 Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". | 5.4 |
| 2017-10-13 | CVE-2017-11777 | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016 Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". | 5.4 |
| 2017-10-13 | CVE-2017-11775 | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016 Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how SharePoint Server sanitizes web requests, aka "Microsoft Office SharePoint XSS Vulnerability". | 5.4 |
| 2017-10-12 | CVE-2017-15287 | Cross-site Scripting vulnerability in Bouqueteditor Project Bouqueteditor 2.0.0 There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI. | 6.1 |
| 2017-10-12 | CVE-2017-15284 | Cross-site Scripting vulnerability in Octobercms October 1.0.425 Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. | 5.4 |
| 2017-10-12 | CVE-2017-15279 | Cross-site Scripting vulnerability in Umbraco CMS Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/Publish.aspx.cs and Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs. | 5.4 |