Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-09 | CVE-2014-6393 | Cross-site Scripting vulnerability in Openjsf Express The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding. | 6.1 |
| 2017-08-09 | CVE-2014-5144 | Cross-site Scripting vulnerability in Telescopeapp Telescope 0.9.0 Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown. | 5.4 |
| 2017-08-08 | CVE-2017-8654 | Cross-site Scripting vulnerability in Microsoft Sharepoint Server 2010 Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability". | 5.4 |
| 2017-08-08 | CVE-2017-8642 | Cross-site Scripting vulnerability in Microsoft Edge Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability". | 6.1 |
| 2017-08-08 | CVE-2017-12677 | Cross-site Scripting vulnerability in Identityserver Identityserver3 IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response. | 6.1 |
| 2017-08-07 | CVE-2017-12655 | Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5 Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action. | 6.1 |
| 2017-08-07 | CVE-2016-3113 | Cross-site Scripting vulnerability in Redhat Ovirt-Engine Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML. | 6.1 |
| 2017-08-07 | CVE-2009-5145 | Cross-site Scripting vulnerability in Zope Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12. | 6.1 |
| 2017-08-07 | CVE-2017-12649 | Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0 XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display. | 6.1 |
| 2017-08-07 | CVE-2017-12648 | Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0 XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. | 6.1 |