Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2017-07-21 | CVE-2017-11516 | Cross-site Scripting vulnerability in Yiiframework YII 2.0.12 | An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled. | 6.1 |
2017-07-21 | CVE-2015-3421 | Cross-site Scripting vulnerability in Eshop Project Eshop | The eshop_checkout function in checkout.php in the WordPress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure attack via crafted variables named after target PHP variables. | 6.1 |
2017-07-21 | CVE-2017-9931 | Cross-site Scripting vulnerability in Greenpacket Dx-350 Firmware 2.8.9.5G1.4.8Atheeb | Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi. | 6.1 |
2017-07-20 | CVE-2017-11503 | Cross-site Scripting vulnerability in PHPmailer Project PHPmailer 5.2.23 | PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php. | 6.1 |
2017-07-20 | CVE-2017-0378 | Cross-site Scripting vulnerability in Phamm | XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php. | 6.1 |
2017-07-20 | CVE-2017-7059 | Cross-site Scripting vulnerability in Apple Iphone OS | A DOMParser XSS issue was discovered in certain Apple products. | 6.1 |
2017-07-20 | CVE-2017-7038 | Cross-site Scripting vulnerability in Apple products | A DOMParser XSS issue was discovered in certain Apple products. | 6.1 |
2017-07-20 | CVE-2017-10676 | Cross-site Scripting vulnerability in D-Link Dir-600M Firmware Fw3.05B01 | On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter. | 6.1 |
2017-07-19 | CVE-2017-1203 | Cross-site Scripting vulnerability in IBM Bigfix Platform | IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. | 6.1 |
2017-07-19 | CVE-2016-5394 | Cross-site Scripting vulnerability in Apache Sling | In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities. | 6.1 |