Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2017-06-21	CVE-2017-9781	Cross-site Scripting vulnerability in Check MK Project Check MK 1.4.0 A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html. network low complexity check-mk-project CWE-79	6.1
2017-06-18	CVE-2017-9668	Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user group, there is no XSS filtering, resulting in storage-type XSS generation, via the description parameter in an addgroup action. network low complexity cmsmadesimple CWE-79	6.1
2017-06-16	CVE-2016-10366	Cross-site Scripting vulnerability in Elastic Kibana Kibana versions after and including 4.3 and before 4.6.2 are vulnerable to a cross-site scripting (XSS) attack. network low complexity elastic CWE-79	6.1
2017-06-16	CVE-2016-1000220	Cross-site Scripting vulnerability in Elastic Kibana Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that would allow an attacker to execute arbitrary JavaScript in users' browsers. network low complexity elastic CWE-79	6.1
2017-06-16	CVE-2015-9056	Cross-site Scripting vulnerability in Elastic Kibana Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS attack. network low complexity elastic CWE-79	6.1
2017-06-15	CVE-2017-9419	Cross-site Scripting vulnerability in Webhammer WP Custom Fields Search 0.3.28 Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. network low complexity webhammer CWE-79	6.1
2017-06-15	CVE-2017-9674	Cross-site Scripting vulnerability in Simplece 2.3.0 In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user. network low complexity simplece CWE-79	5.4
2017-06-15	CVE-2017-9613	Cross-site Scripting vulnerability in SAP Successfactors B1702P5E.1190658 Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality. network low complexity sap CWE-79	5.4
2017-06-15	CVE-2017-8551	Cross-site Scripting vulnerability in Microsoft Project Server 2013 An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability". network low complexity microsoft CWE-79	6.1
2017-06-15	CVE-2017-8550	Cross-site Scripting vulnerability in Microsoft Office 2016 A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability". network high complexity microsoft CWE-79	5.4