Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-03 | CVE-2017-10798 | Cross-site Scripting vulnerability in Objectplanet Opinio In ObjectPlanet Opinio before 7.6.4, there is XSS. | 6.1 |
| 2017-07-02 | CVE-2017-10795 | Cross-site Scripting vulnerability in Intelliants Subrion 4.1.4 Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows remote attackers to inject arbitrary web script or HTML via the body to blog/add/, a different vulnerability than CVE-2017-6069. | 6.1 |
| 2017-06-30 | CVE-2015-9105 | Cross-site Scripting vulnerability in Synology Video Station Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) file name or (2) collection name of videos. | 5.4 |
| 2017-06-30 | CVE-2015-9104 | Cross-site Scripting vulnerability in Synology Audio Station Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the album title. | 5.4 |
| 2017-06-30 | CVE-2015-9103 | Cross-site Scripting vulnerability in Synology Note Station Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or (2) file name of attachments. | 5.4 |
| 2017-06-30 | CVE-2015-9102 | Cross-site Scripting vulnerability in Synology Photo Station Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. | 5.4 |
| 2017-06-29 | CVE-2017-10673 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS admin/profile.php in GetSimple CMS 3.x has XSS in a name field. | 6.1 |
| 2017-06-29 | CVE-2017-10667 | Cross-site Scripting vulnerability in Zen-Cart ZEN Cart 1.6.0 In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. | 6.1 |
| 2017-06-28 | CVE-2017-1106 | Cross-site Scripting vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-06-28 | CVE-2017-5241 | Cross-site Scripting vulnerability in Biscom Secure File Transfer Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. | 5.4 |