Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-09-25 CVE-2016-4618 Cross-site Scripting vulnerability in Apple Iphone OS and Safari
Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS before 10 and Safari before 10 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
network
low complexity
apple CWE-79
6.1
6.1
2016-09-21 CVE-2016-4969 Cross-site Scripting vulnerability in Fortinet Fortiwan
Cross-site scripting (XSS) vulnerability in Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the IP parameter to script/statistics/getconn.php.
network
low complexity
fortinet CWE-79
6.1
6.1
2016-09-21 CVE-2016-0925 Cross-site Scripting vulnerability in EMC RSA Adaptive Authentication On-Premise 7.2
Cross-site scripting (XSS) vulnerability in the Case Management application in EMC RSA Adaptive Authentication (On-Premise) before 6.0.2.1.SP3.P4 HF210, 7.0.x and 7.1.x before 7.1.0.0.SP0.P6 HF50, and 7.2.x before 7.2.0.0.SP0.P0 HF20 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
emc CWE-79
5.4
5.4
2016-09-18 CVE-2016-6404 Cross-site Scripting vulnerability in Cisco IOS 15.5(2)T
Cross-site scripting (XSS) vulnerability in the web framework in Cisco IOx Local Manager in IOS 15.5(2)T and IOS XE allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy19854.
network
low complexity
cisco CWE-79
6.1
6.1
2016-09-18 CVE-2016-6643 Cross-site Scripting vulnerability in EMC Vipr SRM 3.6.0/3.6.4/3.7.1
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
emc CWE-79
6.1
6.1
2016-09-18 CVE-2016-6641 Cross-site Scripting vulnerability in EMC Vipr SRM 3.6.0/3.6.4/3.7.1
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
emc CWE-79
7.6
7.6
2016-09-18 CVE-2016-0927 Cross-site Scripting vulnerability in Pivotal Software Cloud Foundry Elastic Runtime
Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
pivotal-software CWE-79
6.1
6.1
2016-09-18 CVE-2016-0926 Cross-site Scripting vulnerability in Pivotal Software Cloud Foundry Elastic Runtime
Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.32 and 1.7.x before 1.7.8 allows remote attackers to inject arbitrary web script or HTML via unspecified input that improperly interacts with the AngularJS framework.
network
low complexity
pivotal-software CWE-79
6.1
6.1
2016-09-17 CVE-2016-7419 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in share.js in the gallery application in ownCloud Server before 9.0.4 and Nextcloud Server before 9.0.52 allows remote authenticated users to inject arbitrary web script or HTML via a crafted directory name.
network
low complexity
nextcloud owncloud CWE-79
5.4
5.4
2016-09-14 CVE-2016-3379 Cross-site Scripting vulnerability in Microsoft Exchange Server 2016
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2016 Cumulative Update 1 and 2 allows remote attackers to inject arbitrary web script or HTML via a meeting-invitation request, aka "Microsoft Exchange Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-79
6.1
6.1