Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-10-06 CVE-2016-6027 Cross-site Scripting vulnerability in IBM Sterling Secure Proxy 3.4.2.0/3.4.3.0
The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 before 3.4.2.0 iFix 8 and 3.4.3 before 3.4.3.0 iFix 1 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information or modify data by leveraging use of HTTP.
network
low complexity
ibm CWE-79
6.1
6.1
2016-10-05 CVE-2016-6418 Cross-site Scripting vulnerability in Cisco Videoscape Distribution Suite Service Manager
Cross-site scripting (XSS) vulnerability in Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.0 through 3.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCva14552.
network
low complexity
cisco CWE-79
6.1
6.1
2016-10-05 CVE-2016-5901 Cross-site Scripting vulnerability in IBM Business Process Manager
Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5.6.0 through 8.5.7.0 before cumulative fix 2016.09 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
5.4
2016-10-05 CVE-2016-5892 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications before 1.0.0.5_2, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
5.4
2016-10-03 CVE-2016-7571 Cross-site Scripting vulnerability in Drupal
Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.
network
low complexity
drupal CWE-79
6.1
6.1
2016-10-03 CVE-2016-5398 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.
network
low complexity
redhat CWE-79
5.4
5.4
2016-10-01 CVE-2016-3042 Cross-site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.
network
low complexity
ibm CWE-79
5.4
5.4
2016-09-30 CVE-2016-6647 Cross-site Scripting vulnerability in EMC Vipr SRM
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
emc CWE-79
5.4
5.4
2016-09-29 CVE-2016-5061 Cross-site Scripting vulnerability in Aternity 9.0
Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) getExternalURL, or (4) retrieveTrustedUrl page.
network
low complexity
aternity CWE-79
6.1
6.1
2016-09-27 CVE-2016-4058 Cross-site Scripting vulnerability in Huawei Policy Center V100R003C00/V100R003C10
Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages."
network
low complexity
huawei CWE-79
5.4
5.4