Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-10-11 | CVE-2017-15214 | Cross-site Scripting vulnerability in Flyspray 1.0 | Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users (including unauthenticated users), via the name, title, or id parameter to plugins/dokuwiki/lib/plugins/changelinks/syntax.php. | network | low | flyspray | CWE-79 | 5.4 |
| 2017-10-11 | CVE-2017-15213 | Cross-site Scripting vulnerability in Flyspray 1.0 | Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl. | network | low | flyspray | CWE-79 | 5.4 |
| 2017-10-11 | CVE-2017-15194 | Cross-site Scripting vulnerability in Cacti 1.1.25 | include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page. | network | low | cacti | CWE-79 | 6.1 |
| 2017-10-11 | CVE-2017-15188 | Cross-site Scripting vulnerability in Eyesofnetwork 5.10 | A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php. | network | low | eyesofnetwork | CWE-79 | 4.8 |
| 2017-10-10 | CVE-2017-15219 | Cross-site Scripting vulnerability in Dotcms 4.1.1 | The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site Scripting (XSS) affecting a vanity-urls Title field, a containers Description field, and a templates Description field. | network | low | dotcms | CWE-79 | 5.4 |
| 2017-10-10 | CVE-2017-1503 | Cross-site Scripting vulnerability in IBM Websphere Application Server | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to HTTP response splitting attacks. | network | low | ibm | CWE-79 | 6.1 |
| 2017-10-10 | CVE-2016-10513 | Cross-site Scripting vulnerability in Piwigo | Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php. | network | low | piwigo | CWE-79 | 6.1 |
| 2017-10-10 | CVE-2017-15216 | Cross-site Scripting vulnerability in Misp-Project Misp | MISP before 2.4.81 has a potential reflected XSS in a quickDelete action that is used to delete a sighting, related to app/View/Sightings/ajax/quickDeleteConfirmationForm.ctp and app/webroot/js/misp.js. | network | low | misp-project | CWE-79 | 6.1 |
| 2017-10-10 | CVE-2015-6521 | Cross-site Scripting vulnerability in Atutor 2.2 | Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2. | network | low | atutor | CWE-79 | 5.4 |
| 2017-10-09 | CVE-2017-14973 | Cross-site Scripting vulnerability in Identicard Two-Reader Controller Configuration Manager 1.18.8(396) | IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is vulnerable to Stored Cross-Site Scripting (XSS) via the notes field in /~user_handler?file=logged_in.shtm (aka the edit user page). | network | low | identicard | CWE-79 | 5.4 |