Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-10-10 CVE-2016-1000129 Cross-site Scripting vulnerability in Defa-Online-Image-Protector Project Defa-Online-Image-Protector 3.3
Reflected XSS in wordpress plugin defa-online-image-protector v3.3
6.1
2016-10-10 CVE-2016-1000128 Cross-site Scripting vulnerability in Anti-Plagiarism Project Anti-Plagiarism 3.60
Reflected XSS in wordpress plugin anti-plagiarism v3.60
network
low complexity
anti-plagiarism-project CWE-79
6.1
2016-10-10 CVE-2016-1000127 Cross-site Scripting vulnerability in Ajax-Random-Post Project Ajax-Random-Post
Reflected XSS in wordpress plugin ajax-random-post v2.00
network
low complexity
ajax-random-post-project CWE-79
6.1
2016-10-10 CVE-2016-1000126 Cross-site Scripting vulnerability in Admin-Font-Editor Project Admin-Font-Editor 1.8
Reflected XSS in wordpress plugin admin-font-editor v1.8
network
low complexity
admin-font-editor-project CWE-79
6.1
2016-10-07 CVE-2016-1000007 Cross-site Scripting vulnerability in Redhat Pagure 2.2.1
Pagure 2.2.1 XSS in raw file endpoint
network
low complexity
redhat CWE-79
6.1
2016-10-07 CVE-2015-7363 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x before 5.0.13 and 5.2.x before 5.2.3 allows remote administrators to inject arbitrary web script or HTML via vectors related to report filters.
network
low complexity
fortinet CWE-79
5.4
2016-10-06 CVE-2016-1000114 Cross-site Scripting vulnerability in Huge-It Gallery 1.1.5
XSS in huge IT gallery v1.1.5 for Joomla
network
low complexity
huge-it CWE-79
6.1
2016-10-06 CVE-2015-1000004 Cross-site Scripting vulnerability in Filedownload Project Filedownload 1.4
XSS in filedownload v1.4 wordpress plugin
network
low complexity
filedownload-project CWE-79
6.1
2016-10-06 CVE-2016-6436 Cross-site Scripting vulnerability in Cisco Hostscan Engine
Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682.
network
low complexity
cisco CWE-79
6.1
2016-10-06 CVE-2016-6425 Cross-site Scripting vulnerability in Cisco products
Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence Center (CUIC) 8.5.4 through 9.1(1), as used in Unified Contact Center Express 10.0(1) through 11.0(1), allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652.
network
low complexity
cisco CWE-79
6.1