Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-21 | CVE-2017-7422 | Cross-site Scripting vulnerability in Microfocus Enterprise Developer and Enterprise Server Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in esfadmingui in Micro Focus Enterprise Developer and Enterprise Server 2.3, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features, if this component is configured. | 5.4 |
| 2017-08-21 | CVE-2017-7421 | Cross-site Scripting vulnerability in Microfocus products Reflected and stored Cross-Site Scripting (XSS, CWE-79) vulnerabilities in Directory Server (aka Enterprise Server Administration web UI) and ESMAC (aka Enterprise Server Monitor and Control) in Micro Focus Enterprise Developer and Enterprise Server 2.3 and earlier, 2.3 Update 1 before Hotfix 8, and 2.3 Update 2 before Hotfix 9 allow remote authenticated attackers to bypass protection mechanisms (CWE-693) and other security features. | 6.1 |
| 2017-08-21 | CVE-2017-12984 | Cross-site Scripting vulnerability in PHPmywind 5.3 PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php. | 6.1 |
| 2017-08-21 | CVE-2017-12980 | Cross-site Scripting vulnerability in Dokuwiki DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. | 6.1 |
| 2017-08-21 | CVE-2017-12979 | Cross-site Scripting vulnerability in Dokuwiki DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. | 6.1 |
| 2017-08-21 | CVE-2017-12978 | Cross-site Scripting vulnerability in Cacti lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user. | 5.4 |
| 2017-08-18 | CVE-2017-12948 | Cross-site Scripting vulnerability in Pressforward Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF. | 6.1 |
| 2017-08-18 | CVE-2017-12882 | Cross-site Scripting vulnerability in Spring Batch Admin Project Spring Batch Admin 1.0.0/1.2.0 Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality. | 5.4 |
| 2017-08-18 | CVE-2015-5057 | Cross-site Scripting vulnerability in Broken Link Checker Project Broken Link Checker Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed. | 6.1 |
| 2017-08-18 | CVE-2017-12591 | Cross-site Scripting vulnerability in Asus Dsl-N10S Firmware V2.1.16Apac ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. | 5.4 |