Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-04-12 CVE-2016-4003 Cross-site Scripting vulnerability in Apache Struts
Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter.
network
low complexity
apache CWE-79
6.1
2016-04-12 CVE-2016-2162 Cross-site Scripting vulnerability in Apache Struts
Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display.
network
low complexity
apache CWE-79
6.1
2016-04-12 CVE-2015-3268 Cross-site Scripting vulnerability in Apache Ofbiz
Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the description attribute of a display-entity element.
network
low complexity
apache CWE-79
6.1
2016-04-11 CVE-2015-8398 Cross-site Scripting vulnerability in Atlassian Confluence
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check.
network
low complexity
atlassian CWE-79
6.1
2016-04-11 CVE-2015-0265 Cross-site Scripting vulnerability in Apache Ranger 0.4.0
Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header.
network
low complexity
apache CWE-79
6.1
2016-04-11 CVE-2016-2163 Cross-site Scripting vulnerability in Apache Openmeetings
Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event.
network
low complexity
apache CWE-79
6.1
2016-04-11 CVE-2016-0712 Cross-site Scripting vulnerability in Apache Jetspeed
Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal.
network
low complexity
apache CWE-79
6.1
2016-04-11 CVE-2016-0711 Cross-site Scripting vulnerability in Apache Jetspeed
Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource.
network
low complexity
apache CWE-79
6.1
2016-04-08 CVE-2016-2512 Cross-site Scripting vulnerability in Djangoproject Django
The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com.
network
low complexity
djangoproject CWE-79
7.4
2016-04-08 CVE-2016-1375 Cross-site Scripting vulnerability in Cisco IP Interoperability and Collaboration System 4.10
Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339.
network
low complexity
cisco CWE-79
6.1