Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2017-06-07 | CVE-2017-1178 | Cross-site Scripting vulnerability in IBM Bigfix Security Compliance Analytics 1.9.70 | IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. | network | low | ibm | CWE-79 | 6.1 |
| 2017-06-07 | CVE-2016-9834 | Cross-site Scripting vulnerability in Sophos Cyberoam Firmware 10.6.4 | An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. | network | low | sophos | CWE-79 | 6.1 |
| 2017-06-06 | CVE-2017-9452 | Cross-site Scripting vulnerability in Piwigo | Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | network | low | piwigo | CWE-79 | 4.8 |
| 2017-06-06 | CVE-2017-9451 | Cross-site Scripting vulnerability in Flatcore 1.4.6 | Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. | network | low | flatcore | CWE-79 | 6.1 |
| 2017-06-06 | CVE-2017-8920 | Cross-site Scripting vulnerability in Cgiirc Cgi:Irc | irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS. | network | low | cgiirc | CWE-79 | 6.1 |
| 2017-06-06 | CVE-2017-9448 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS | Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. | network | low | bigtreecms | CWE-79 | 5.4 |
| 2017-06-06 | CVE-2017-9332 | Cross-site Scripting vulnerability in Pivotx 2.3.11 | The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. | network | low | pivotx | CWE-79 | 6.1 |
| 2017-06-05 | CVE-2017-9441 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS | Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. | network | low | bigtreecms | CWE-79 | 5.4 |
| 2017-06-05 | CVE-2017-9420 | Cross-site Scripting vulnerability in Sunnythemes Spiffy Calendar | Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter. | network | low | sunnythemes | CWE-79 | 6.1 |
| 2017-06-05 | CVE-2017-8839 | Cross-site Scripting vulnerability in Peplink products | XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. | network | low | peplink | CWE-79 | 6.1 |