Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK

2017-06-01 CVE-2017-9331 Cross-site Scripting vulnerability in Epesi
The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter.
network | low complexity | epesi CWE-79 | 5.4

2017-05-31 CVE-2017-9306 Cross-site Scripting vulnerability in Syspass 2.1.9
inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring.
network | low complexity | syspass CWE-79 | 6.1

2017-05-31 CVE-2017-9305 Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 16.2
lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php.
network | low complexity | tiki CWE-79 | 6.1

2017-05-30 CVE-2017-2307 Cross-site Scripting vulnerability in Juniper Junos Space
A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space.
network | low complexity | juniper CWE-79 | 6.1

2017-05-29 CVE-2017-9299 Cross-site Scripting vulnerability in Otrs 3.3.9
Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks.
network | low complexity | otrs CWE-79 | 6.1

2017-05-29 CVE-2017-9298 Cross-site Scripting vulnerability in Hitachi Device Manager
Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.
network | low complexity | hitachi CWE-79 | 5.4

2017-05-29 CVE-2017-9292 Cross-site Scripting vulnerability in Lansweeper
Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.
network | low complexity | lansweeper CWE-79 | 6.1

2017-05-29 CVE-2017-9289 Cross-site Scripting vulnerability in Note Project Note
Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter).
network | low complexity | note-project CWE-79 | 6.1

2017-05-29 CVE-2017-9288 Cross-site Scripting vulnerability in Raygun Raygun4Wp 1.8.0
The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected XSS in sendtesterror.php (backurl parameter).
network | low complexity | raygun CWE-79 | 6.1

2017-05-28 CVE-2017-9252 Cross-site Scripting vulnerability in Finecms Project Finecms
andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action.
network | low complexity | finecms-project CWE-79 | 6.1