Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-18 | CVE-2016-5191 | Cross-site Scripting vulnerability in Google Chrome Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:[email protected] URL. | 6.1 |
| 2016-12-18 | CVE-2016-5181 | Cross-site Scripting vulnerability in Google Chrome Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages. | 6.1 |
| 2016-12-17 | CVE-2016-9998 | Cross-site Scripting vulnerability in Spip SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/info_plugin.php involving the `$plugin` parameter, as demonstrated by a /ecrire/?exec=info_plugin URL. | 6.1 |
| 2016-12-17 | CVE-2016-9997 | Cross-site Scripting vulnerability in Spip SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability in /ecrire/exec/puce_statut.php involving the `$id` parameter, as demonstrated by a /ecrire/?exec=puce_statut URL. | 6.1 |
| 2016-12-15 | CVE-2016-7891 | Cross-site Scripting vulnerability in Adobe Robohelp Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier have an input validation issue that could be used in cross-site scripting attacks. | 6.1 |
| 2016-12-15 | CVE-2016-7884 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks. | 6.1 |
| 2016-12-15 | CVE-2016-7883 | Cross-site Scripting vulnerability in Adobe Experience Manager 6.2.0 Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks. | 6.1 |
| 2016-12-15 | CVE-2016-7882 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks. | 6.1 |
| 2016-12-15 | CVE-2016-6934 | Cross-site Scripting vulnerability in Adobe Experience Manager Forms and Livecycle Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks. | 6.1 |
| 2016-12-15 | CVE-2016-6933 | Cross-site Scripting vulnerability in Adobe Experience Manager and Livecycle Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks. | 6.1 |