Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-05-12 CVE-2016-4883 Cross-site Scripting vulnerability in Basercms 3.0.10
Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
basercms CWE-79
5.4
5.4
2017-05-12 CVE-2016-4880 Cross-site Scripting vulnerability in Basercms 3.0.10
Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
basercms CWE-79
5.4
5.4
2017-05-12 CVE-2016-4877 Cross-site Scripting vulnerability in Basercms and Mail
Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
basercms CWE-79
5.4
5.4
2017-05-12 CVE-2016-4858 Cross-site Scripting vulnerability in Splunk
Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
splunk CWE-79
4.8
4.8
2017-05-12 CVE-2016-4856 Cross-site Scripting vulnerability in Splunk
Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
splunk CWE-79
4.8
4.8
2017-05-12 CVE-2016-4855 Cross-site Scripting vulnerability in Adodb Project Adodb
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
adodb-project CWE-79
6.1
6.1
2017-05-12 CVE-2017-0255 Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation 2013
Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".
network
low complexity
microsoft CWE-79
5.4
5.4
2017-05-11 CVE-2017-8898 Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin.
network
low complexity
invisioncommunity CWE-79
critical
 9.8
9.8
2017-05-11 CVE-2017-8897 Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector.
network
low complexity
invisioncommunity CWE-79
6.1
6.1
2017-05-10 CVE-2017-8892 Cross-site Scripting vulnerability in Opentext Tempo BOX 10.0.3
Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image.
network
low complexity
opentext CWE-79
6.1
6.1