Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-06-18 CVE-2016-1431 Cross-site Scripting vulnerability in Cisco Secure Firewall Management Center
Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur25516.
network
low complexity
cisco CWE-79
6.1
2016-06-16 CVE-2016-4164 Cross-site Scripting vulnerability in Adobe Brackets 1.6
Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
adobe CWE-79
6.1
2016-06-16 CVE-2016-4159 Cross-site Scripting vulnerability in Adobe Coldfusion 10.0/11.0/2016
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
adobe CWE-79
6.1
2016-06-16 CVE-2016-3212 Cross-site Scripting vulnerability in Microsoft Internet Explorer 10/11/9
The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."
network
low complexity
microsoft CWE-79
6.1
2016-06-13 CVE-2016-3670 Cross-site Scripting vulnerability in Liferay Portal
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field.
network
low complexity
liferay CWE-79
6.1
2016-06-08 CVE-2016-4363 Cross-site Scripting vulnerability in HP Insight Control Server Deployment
HPE Insight Control server deployment allows remote attackers to modify data via unspecified vectors.
network
low complexity
hp CWE-79
6.1
2016-06-08 CVE-2016-2078 Cross-site Scripting vulnerability in VMWare Vcenter Server
Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter.
network
low complexity
vmware CWE-79
6.1
2016-06-05 CVE-2016-1230 Cross-site Scripting vulnerability in NTT Webarena Service Formmail 2.2.0
Cross-site scripting (XSS) vulnerability in NTT PC Communications WebARENA Service formmail before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ntt CWE-79
6.1
2016-06-05 CVE-2016-1229 Cross-site Scripting vulnerability in Humhub 0.20.0/0.20.1/1.0.0
Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
humhub CWE-79
5.4
2016-06-05 CVE-2016-1222 Cross-site Scripting vulnerability in Kobe-Beauty PHP-Contact-Form
Cross-site scripting (XSS) vulnerability in Kobe Beauty php-contact-form before 2016-05-18 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
network
low complexity
kobe-beauty CWE-79
6.1