Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-09-01 CVE-2016-0370 Cross-site Scripting vulnerability in IBM Forms Experience Builder
Cross-site scripting (XSS) vulnerability in IBM Forms Experience Builder 8.5.x and 8.6.x before 8.6.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted input to an application that was built with this product.
network
low complexity
ibm CWE-79
2.7
2016-09-01 CVE-2016-0293 Cross-site Scripting vulnerability in IBM Bigfix Platform
Cross-site scripting (XSS) vulnerability in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.1.8 and 9.2.x before 9.2.8 allows remote attackers to inject arbitrary web script or HTML via a modified .beswrpt file.
network
low complexity
ibm CWE-79
6.1
2016-08-31 CVE-2016-7119 Cross-site Scripting vulnerability in Dotnetnuke
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.
network
low complexity
dotnetnuke CWE-79
5.4
2016-08-29 CVE-2016-5721 Cross-site Scripting vulnerability in Zimbra Collaboration Server
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
zimbra CWE-79
6.1
2016-08-26 CVE-2015-5399 Cross-site Scripting vulnerability in PHPvibe 4.20
Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment.
network
low complexity
phpvibe CWE-79
5.4
2016-08-26 CVE-2016-5663 Cross-site Scripting vulnerability in Accellion Kiteworks Appliance Kw2016.03.00
Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter.
network
low complexity
accellion CWE-79
6.1
2016-08-23 CVE-2016-6365 Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518.
network
low complexity
cisco CWE-79
6.1
2016-08-22 CVE-2016-6359 Cross-site Scripting vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0)
Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650 and CSCva40817.
network
low complexity
cisco CWE-79
6.1
2016-08-22 CVE-2016-1485 Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 1.3(0.876)
Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497.
network
low complexity
cisco CWE-79
6.1
2016-08-22 CVE-2016-1476 Cross-site Scripting vulnerability in Cisco IP Phone 8800 Series Firmware 11.0Base
Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024.
network
low complexity
cisco CWE-79
5.4