Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-29 | CVE-2016-5920 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-10-28 | CVE-2016-4393 | Cross-site Scripting vulnerability in HP System Management Homepage HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. | 5.4 |
| 2016-10-28 | CVE-2016-8583 | Cross-site Scripting vulnerability in Alienvault products Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS. | 6.1 |
| 2016-10-28 | CVE-2016-8581 | Cross-site Scripting vulnerability in Alienvault products A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator. | 6.1 |
| 2016-10-28 | CVE-2016-1423 | Cross-site Scripting vulnerability in Cisco Email Security Appliance A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. | 6.1 |
| 2016-10-27 | CVE-2016-1000121 | Cross-site Scripting vulnerability in Huge-It Slider 1.0.9 XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | 4.8 |
| 2016-10-27 | CVE-2016-1598 | Cross-site Scripting vulnerability in Novell products XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages. | 5.4 |
| 2016-10-27 | CVE-2016-1592 | Cross-site Scripting vulnerability in Netiq Identity Manager 4.5 XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. | 6.1 |
| 2016-10-27 | CVE-2015-0787 | Cross-site Scripting vulnerability in Netiq Identity Manager 4.5 XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. | 6.1 |
| 2016-10-26 | CVE-2016-8506 | Cross-site Scripting vulnerability in Yandex Browser XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code. | 6.1 |