Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-09-30 CVE-2017-14923 Cross-site Scripting vulnerability in Tine20 Tine 2.0 2017.08.3
Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
network
low complexity
tine20 CWE-79
5.4
2017-09-30 CVE-2017-14922 Cross-site Scripting vulnerability in Tine20 Tine 2.0 2017.08.3
Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
network
low complexity
tine20 CWE-79
5.4
2017-09-30 CVE-2017-14921 Cross-site Scripting vulnerability in Tine20 Tine 2.0 2017.08.3
Stored XSS vulnerability via IMG element at "Filename" of Filemanager in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users.
network
low complexity
tine20 CWE-79
5.4
2017-09-30 CVE-2017-14920 Cross-site Scripting vulnerability in Egroupware
Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.
network
low complexity
egroupware CWE-79
6.1
2017-09-30 CVE-2017-14620 Cross-site Scripting vulnerability in Smartertools Smarterstats 11.3.6347
SmarterStats version 11.3.6347 will render the Referer field of HTTP log files from URL /Data/Reports/ReferringURLsWithQueries, resulting in stored cross-site scripting.
network
low complexity
smartertools CWE-79
6.1
2017-09-30 CVE-2017-14352 Cross-site Scripting vulnerability in HP Ucmdb Configuration Manager
A potential security vulnerability has been identified in HP UCMDB Configuration Manager versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.23.
network
low complexity
hp CWE-79
6.1
2017-09-30 CVE-2017-13986 Cross-site Scripting vulnerability in HP products
A reflected cross-site scripting (XSS) vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows for unintended information when a specific URL is sent to the system.
network
low complexity
hp CWE-79
6.1
2017-09-29 CVE-2017-7554 Cross-site Scripting vulnerability in Redhat Mobile Application Platform 4.4
It was found that the App Studio component of RHMAP 4.4 executes JavaScript provided by a user.
network
low complexity
redhat CWE-79
6.1
2017-09-29 CVE-2017-11479 Cross-site Scripting vulnerability in multiple products
Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) vulnerability in Timelion that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.
network
low complexity
elasticsearch elastic CWE-79
6.1
2017-09-29 CVE-2017-10701 Cross-site Scripting vulnerability in SAP Enterprise Portal
Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516.
network
low complexity
sap CWE-79
6.1