Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2017-05-18	CVE-2017-9071	Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. network high complexity modx CWE-79	4.7
2017-05-18	CVE-2017-9070	Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php. network low complexity modx CWE-79	5.4
2017-05-18	CVE-2017-9068	Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter. network low complexity modx CWE-79	6.1
2017-05-18	CVE-2017-9063	Cross-site Scripting vulnerability in multiple products In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session. network low complexity wordpress debian CWE-79	6.1
2017-05-18	CVE-2017-9061	Cross-site Scripting vulnerability in multiple products In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename. network low complexity wordpress debian CWE-79	6.1
2017-05-17	CVE-2017-4011	Cross-site Scripting vulnerability in Mcafee Network Data Loss Prevention 9.3.0 Embedding Script (XSS) in HTTP Headers vulnerability in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to get session/cookie information via modification of the HTTP request. network low complexity mcafee CWE-79	6.1
2017-05-17	CVE-2015-3998	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php. network low complexity clickfraud-monitoring phpwhois-project CWE-79	6.1
2017-05-16	CVE-2017-7953	Cross-site Scripting vulnerability in Infor Enterprise Asset Management 11.0 INFOR EAM V11.0 Build 201410 has XSS via comment fields. network low complexity infor CWE-79	5.4
2017-05-12	CVE-2017-2164	Cross-site Scripting vulnerability in N-I-Agroinformatics SOY CMS Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network low complexity n-i-agroinformatics CWE-79	6.1
2017-05-12	CVE-2017-2122	Cross-site Scripting vulnerability in Tenable Nessus Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. network low complexity tenable CWE-79	5.4