Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE | CVE | VULNERABILITY TITLE | RISK

2017-09-19 | CVE-2017-14142 | Cross-site Scripting vulnerability in Kaltura Server | 6.1
Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before 13.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) partnerId or (2) playerVersion parameter to server/admin_console/web/tools/bigRedButton.php; the (3) partnerId, (4) playerVersion, (5) secret, (6) entryId, (7) adminUiConfId, or (8) uiConfId parameter to server/admin_console/web/tools/bigRedButtonPtsPoc.php; the (9) streamUsername, (10) streamPassword, (11) streamRemoteId, (12) streamRemoteBackupId, or (13) entryId parameter to server/admin_console/web/tools/AkamaiBroadcaster.php; the (14) entryId parameter to server/admin_console/web/tools/XmlJWPlayer.php; or the (15) partnerId or (16) playerVersion parameter to server/alpha/web/lib/bigRedButtonPtsPocHlsjs.php.
network, low complexity, kaltura, CWE-79

2017-09-19 | CVE-2015-3432 | Cross-site Scripting vulnerability in Pydio | 6.1
Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Pydio XSS Vulnerabilities."
network, low complexity, pydio, CWE-79

2017-09-19 | CVE-2015-3299 | Cross-site Scripting vulnerability in Floating Social BAR Project Floating Social BAR | 6.1
Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to original service order.
network, low complexity, floating-social-bar-project, CWE-79

2017-09-19 | CVE-2015-1864 | Cross-site Scripting vulnerability in Kallithea-Scm Kallithea 0.1/0.2 | 5.4
Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description.
network, low complexity, kallithea-scm, CWE-79

2017-09-19 | CVE-2014-6191 | Cross-site Scripting vulnerability in IBM Curam Social Program Management | 5.4
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0 SP2, 6.0.4, and 6.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, low complexity, ibm, CWE-79

2017-09-19 | CVE-2017-14597 | Cross-site Scripting vulnerability in Afterlogic Aurora and Webmail | 4.8
AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the txtDomainName field to adminpanel/modules/pro/inc/ajax.php during addition of a domain.
network, low complexity, afterlogic, CWE-79

2017-09-18 | CVE-2017-14534 | Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5 | 6.1
Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via the PATH_INFO to location.php, related to PHP_SELF.
network, low complexity, nexusphp-project, CWE-79

2017-09-18 | CVE-2017-12156 | Cross-site Scripting vulnerability in Moodle | 6.1
Moodle 3.x has XSS in the contact form on the "non-respondents" page in non-anonymous feedback.
network, low complexity, moodle, CWE-79

2017-09-17 | CVE-2017-14510 | Cross-site Scripting vulnerability in Sugarcrm | 6.1
An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26).
network, low complexity, sugarcrm, CWE-79

2017-09-15 | CVE-2017-14498 | Cross-site Scripting vulnerability in Silverstripe | 6.1
SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/upload URI, aka issue SS-2017-017.
network, low complexity, silverstripe, CWE-79