Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-26 | CVE-2017-11629 | Cross-site Scripting vulnerability in Finecms 1.9.5/5.0.10/5.0.9 dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request. | 6.1 |
| 2017-07-25 | CVE-2016-6133 | Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1/9.10 Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx. | 6.1 |
| 2017-07-25 | CVE-2017-6755 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning 12.1 A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. | 6.1 |
| 2017-07-25 | CVE-2017-6749 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 5.4 |
| 2017-07-25 | CVE-2017-11460 | Cross-site Scripting vulnerability in SAP Netweaver Portal 7.4 Cross-site scripting (XSS) vulnerability in the DataArchivingService servlet in SAP NetWeaver Portal 7.4 allows remote attackers to inject arbitrary web script or HTML via the responsecode parameter to shp/shp_result.jsp, aka SAP Security Note 2308535. | 6.1 |
| 2017-07-25 | CVE-2017-11458 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java 7.30 Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783. | 6.1 |
| 2017-07-25 | CVE-2015-5594 | Cross-site Scripting vulnerability in Zenphoto The sanitize_string function in ZenPhoto before 1.4.9 utilized the html_entity_decode function after input sanitation, which might allow remote attackers to perform a cross-site scripting (XSS) via a crafted string. | 6.1 |
| 2017-07-25 | CVE-2015-0674 | Cross-site Scripting vulnerability in Cisco Cloud web Security Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco Cloud Web Security base revision allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | 6.1 |
| 2017-07-25 | CVE-2017-11617 | Cross-site Scripting vulnerability in Atmail Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes. | 6.1 |
| 2017-07-24 | CVE-2017-1380 | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 5.4 |