Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-22 | CVE-2017-14716 | Cross-site Scripting vulnerability in Telaxius Epesi In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter. | 5.4 |
| 2017-09-22 | CVE-2017-14715 | Cross-site Scripting vulnerability in Telaxius Epesi In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter. | 5.4 |
| 2017-09-22 | CVE-2017-14714 | Cross-site Scripting vulnerability in Telaxius Epesi In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter. | 5.4 |
| 2017-09-22 | CVE-2017-14713 | Cross-site Scripting vulnerability in Telaxius Epesi In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Description parameter. | 5.4 |
| 2017-09-22 | CVE-2017-14712 | Cross-site Scripting vulnerability in Telaxius Epesi In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter. | 5.4 |
| 2017-09-21 | CVE-2017-14651 | Cross-site Scripting vulnerability in Wso2 products WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter. | 4.8 |
| 2017-09-21 | CVE-2017-14321 | Cross-site Scripting vulnerability in Mirasvit Helpdesk MX 1.5.2 Multiple cross-site scripting (XSS) vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) customer name or (2) subject in a ticket. | 5.4 |
| 2017-09-21 | CVE-2015-4706 | Cross-site Scripting vulnerability in Ipython 3.0.0/3.1.0 Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving JSON error messages and the /api/contents path. | 6.1 |
| 2017-09-21 | CVE-2015-3296 | Cross-site Scripting vulnerability in Nodebb Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs. | 6.1 |
| 2017-09-21 | CVE-2017-12254 | Cross-site Scripting vulnerability in Cisco Unified Intelligence Center 11.5(1) A vulnerability in the web interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to perform a Document Object Model (DOM)-based cross-site scripting attack. | 6.1 |