Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-09-26 CVE-2016-6913 Cross-site Scripting vulnerability in Alienvault products
Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php.
network
low complexity
alienvault CWE-79
5.4
5.4
2016-09-26 CVE-2016-6840 Cross-site Scripting vulnerability in Huawei Oceanstor ISM V200R001C01/V200R001C02/V200R001C03
Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors.
network
low complexity
huawei CWE-79
6.1
6.1
2016-09-26 CVE-2016-5395 Cross-site Scripting vulnerability in Apache Ranger
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.
network
low complexity
apache CWE-79
4.8
4.8
2016-09-26 CVE-2016-5978 Cross-site Scripting vulnerability in IBM Tealeaf Customer Experience
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5975.
network
low complexity
ibm CWE-79
5.4
5.4
2016-09-26 CVE-2016-5975 Cross-site Scripting vulnerability in IBM Tealeaf Customer Experience
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5978.
network
low complexity
ibm CWE-79
5.4
5.4
2016-09-26 CVE-2016-5974 Cross-site Scripting vulnerability in IBM Security Privileged Identity Manager Virtual Appliance 2.0/2.0.2
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.
network
low complexity
ibm CWE-79
5.4
5.4
2016-09-26 CVE-2016-5944 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string.
network
low complexity
ibm CWE-79
5.4
5.4
2016-09-26 CVE-2016-3006 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3003.
network
low complexity
ibm CWE-79
5.4
5.4
2016-09-26 CVE-2016-3003 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3001 and CVE-2016-3006.
network
low complexity
ibm CWE-79
5.4
5.4
2016-09-26 CVE-2016-3001 Cross-site Scripting vulnerability in IBM Connections
Cross-site scripting (XSS) vulnerability in the Web UI in IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-3003 and CVE-2016-3006.
network
low complexity
ibm CWE-79
5.4
5.4