Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-09-25 CVE-2015-5282 Cross-site Scripting vulnerability in Theforeman Foreman
Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after.
network
low complexity
theforeman CWE-79
6.1
6.1
2017-09-25 CVE-2017-9551 Cross-site Scripting vulnerability in Mahara
Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before 16.10.5 and 17.04 before 17.04.3 are vulnerable to a user submitting potential dangerous payload, e.g.
network
low complexity
mahara CWE-79
6.1
6.1
2017-09-25 CVE-2017-1424 Cross-site Scripting vulnerability in IBM Business Process Manager 8.5.7.0
IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-09-25 CVE-2017-14506 Cross-site Scripting vulnerability in Geminabox Project Geminabox
geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by uploading a gem file that has a crafted gem.homepage value in its .gemspec file.
network
low complexity
geminabox-project CWE-79
5.4
5.4
2017-09-23 CVE-2017-14726 Cross-site Scripting vulnerability in Wordpress
Before version 4.8.2, WordPress was vulnerable to a cross-site scripting attack via shortcodes in the TinyMCE visual editor.
network
low complexity
wordpress CWE-79
6.1
6.1
2017-09-23 CVE-2017-14724 Cross-site Scripting vulnerability in Wordpress
Before version 4.8.2, WordPress was vulnerable to cross-site scripting in oEmbed discovery.
network
low complexity
wordpress CWE-79
6.1
6.1
2017-09-23 CVE-2017-14721 Cross-site Scripting vulnerability in Wordpress
Before version 4.8.2, WordPress allowed Cross-Site scripting in the plugin editor via a crafted plugin name.
network
low complexity
wordpress CWE-79
6.1
6.1
2017-09-23 CVE-2017-14720 Cross-site Scripting vulnerability in Wordpress
Before version 4.8.2, WordPress allowed a Cross-Site scripting attack in the template list view via a crafted template name.
network
low complexity
wordpress CWE-79
6.1
6.1
2017-09-23 CVE-2017-14718 Cross-site Scripting vulnerability in Wordpress
Before version 4.8.2, WordPress was susceptible to a Cross-Site Scripting attack in the link modal via a javascript: or data: URL.
network
low complexity
wordpress CWE-79
6.1
6.1
2017-09-22 CVE-2017-14717 Cross-site Scripting vulnerability in Telaxius Epesi
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.
network
low complexity
telaxius CWE-79
5.4
5.4