Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-01 | CVE-2017-12066 | Cross-site Scripting vulnerability in Cacti Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. | 5.4 |
| 2017-07-31 | CVE-2017-11727 | Cross-site Scripting vulnerability in Connectwise Manage 2017.5 services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS. | 6.1 |
| 2017-07-31 | CVE-2017-1496 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. | 5.4 |
| 2017-07-31 | CVE-2017-1332 | Cross-site Scripting vulnerability in IBM Inotes IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. | 6.1 |
| 2017-07-31 | CVE-2017-1303 | Cross-site Scripting vulnerability in IBM Websphere Portal IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 6.1 |
| 2017-07-31 | CVE-2016-9718 | Cross-site Scripting vulnerability in IBM Infosphere Master Data Management Server IBM InfoSphere Master Data Management Server 10.1. | 5.4 |
| 2017-07-31 | CVE-2016-9715 | Cross-site Scripting vulnerability in IBM Infosphere Master Data Management Server IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. | 5.4 |
| 2017-07-30 | CVE-2017-11744 | Cross-site Scripting vulnerability in Modx Revolution 2.5.7 In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. | 6.1 |
| 2017-07-29 | CVE-2017-11737 | Cross-site Scripting vulnerability in Rspamd Project Rspamd interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page. | 6.1 |
| 2017-07-28 | CVE-2017-11716 | Cross-site Scripting vulnerability in Metinfo Project Metinfo MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. | 6.1 |