Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-07-19 CVE-2016-7509 Cross-site Scripting vulnerability in Glpi-Project Glpi 0.90.4
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.
network
low complexity
glpi-project CWE-79
5.4
5.4
2017-07-19 CVE-2017-9764 Cross-site Scripting vulnerability in Metinfo 5.3.17
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
network
low complexity
metinfo CWE-79
6.1
6.1
2017-07-19 CVE-2017-11441 Cross-site Scripting vulnerability in Cpanel WHM
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.
network
low complexity
cpanel CWE-79
5.4
5.4
2017-07-19 CVE-2017-11439 Cross-site Scripting vulnerability in Sitecore CMS 8.2
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter.
network
low complexity
sitecore CWE-79
5.4
5.4
2017-07-19 CVE-2017-10801 Cross-site Scripting vulnerability in PHPsocial
phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI.
network
low complexity
phpsocial CWE-79
6.1
6.1
2017-07-18 CVE-2017-5247 Cross-site Scripting vulnerability in Biscom Secure File Transfer
Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field.
network
low complexity
biscom CWE-79
5.4
5.4
2017-07-18 CVE-2017-10962 Cross-site Scripting vulnerability in Vanderbilt Redcap
REDCap before 7.5.1 has XSS via the query string.
network
low complexity
vanderbilt CWE-79
6.1
6.1
2017-07-17 CVE-2017-9934 Cross-site Scripting vulnerability in Joomla Joomla!
Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.
network
low complexity
joomla CWE-79
6.1
6.1
2017-07-17 CVE-2017-9813 Cross-site Scripting vulnerability in Kaspersky Anti-Virus for Linux Server 8.0.3.297
In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).
network
low complexity
kaspersky CWE-79
6.1
6.1
2017-07-17 CVE-2017-9609 Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.2
Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php.
network
low complexity
blackcat-cms CWE-79
5.4
5.4