Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-04-12 | CVE-2016-4003 | Cross-site Scripting vulnerability in Apache Struts Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter. | 6.1 |
2016-04-12 | CVE-2016-2162 | Cross-site Scripting vulnerability in Apache Struts Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display. | 6.1 |
2016-04-12 | CVE-2015-3268 | Cross-site Scripting vulnerability in Apache Ofbiz Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the description attribute of a display-entity element. | 6.1 |
2016-04-11 | CVE-2015-8398 | Cross-site Scripting vulnerability in Atlassian Confluence Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. | 6.1 |
2016-04-11 | CVE-2015-0265 | Cross-site Scripting vulnerability in Apache Ranger 0.4.0 Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header. | 6.1 |
2016-04-11 | CVE-2016-2163 | Cross-site Scripting vulnerability in Apache Openmeetings Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event. | 6.1 |
2016-04-11 | CVE-2016-0712 | Cross-site Scripting vulnerability in Apache Jetspeed Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal. | 6.1 |
2016-04-11 | CVE-2016-0711 | Cross-site Scripting vulnerability in Apache Jetspeed Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource. | 6.1 |
2016-04-08 | CVE-2016-2512 | Cross-site Scripting vulnerability in Djangoproject Django The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com. | 7.4 |
2016-04-08 | CVE-2016-1375 | Cross-site Scripting vulnerability in Cisco IP Interoperability and Collaboration System 4.10 Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339. | 6.1 |