Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-03 | CVE-2017-1364 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-10-03 | CVE-2017-1359 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-10-03 | CVE-2017-1345 | Cross-site Scripting vulnerability in IBM Insights Foundation for Energy 2.0 IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-10-03 | CVE-2017-1335 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-10-03 | CVE-2017-1334 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-10-03 | CVE-2017-1324 | Cross-site Scripting vulnerability in IBM Rational Engineering Lifecycle Manager IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-10-03 | CVE-2017-12792 | Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5 Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title parameter in an add action to linksmanage.php. | 6.1 |
| 2017-10-03 | CVE-2015-7980 | Cross-site Scripting vulnerability in Compass Rose Project Compass Rose 6.X1.0 Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable." | 6.1 |
| 2017-10-03 | CVE-2015-7357 | Cross-site Scripting vulnerability in Udesign Project Udesign Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>. | 6.1 |
| 2017-10-02 | CVE-2017-14957 | Cross-site Scripting vulnerability in Blogotext Project Blogotext Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. | 6.1 |