Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-07-28 CVE-2017-11647 Cross-site Scripting vulnerability in Netcomm 4Gt101W Bootloader and 4Gt101W Software
NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks.
network
low complexity
netcomm CWE-79
5.4
5.4
2017-07-27 CVE-2017-11691 Cross-site Scripting vulnerability in Cacti 1.1.13
Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.
network
low complexity
cacti CWE-79
5.4
5.4
2017-07-27 CVE-2017-11687 Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5
Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog.
network
low complexity
zohocorp CWE-79
6.1
6.1
2017-07-27 CVE-2017-11686 Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5
Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method.
network
low complexity
zohocorp CWE-79
6.1
6.1
2017-07-27 CVE-2017-11685 Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5
Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter.
network
low complexity
zohocorp CWE-79
6.1
6.1
2017-07-27 CVE-2017-11682 Cross-site Scripting vulnerability in Hashtopolis 0.4.0
Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php.
network
low complexity
hashtopolis CWE-79
6.1
6.1
2017-07-27 CVE-2017-11677 Cross-site Scripting vulnerability in Hashtopus Project Hashtopus 1.5G
Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php.
network
low complexity
hashtopus-project CWE-79
6.1
6.1
2017-07-26 CVE-2017-11666 Cross-site Scripting vulnerability in Kopano Webapp 3.3.0
Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file.
network
low complexity
kopano CWE-79
6.1
6.1
2017-07-26 CVE-2017-11612 Cross-site Scripting vulnerability in Joomla Joomla!
In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components.
network
low complexity
joomla CWE-79
6.1
6.1
2017-07-26 CVE-2017-11651 Cross-site Scripting vulnerability in Nexusphp 1.5
NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag.
network
low complexity
nexusphp CWE-79
6.1
6.1