Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-10 | CVE-2017-3894 | Cross-site Scripting vulnerability in Blackberry Enterprise Service and Unified Endpoint Manager A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console. | 6.1 |
| 2017-05-10 | CVE-2017-7887 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 4.0.4 Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter. | 6.1 |
| 2017-05-10 | CVE-2016-6037 | Cross-site Scripting vulnerability in IBM Rational Quality Manager and Rational Team Concert IBM Rational Team Concert (RTC) is vulnerable to HTML injection. | 4.8 |
| 2017-05-10 | CVE-2016-6035 | Cross-site Scripting vulnerability in IBM Rational Quality Manager and Rational Team Concert IBM Rational Quality Manager is vulnerable to cross-site scripting. | 5.4 |
| 2017-05-10 | CVE-2016-5888 | Cross-site Scripting vulnerability in IBM Interact IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-05-10 | CVE-2016-3032 | Cross-site Scripting vulnerability in IBM Cognos Analytics IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-05-10 | CVE-2017-8876 | Cross-site Scripting vulnerability in Getsymphony Symphony 2.6.11 Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php. | 6.1 |
| 2017-05-09 | CVE-2016-9257 | Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user. | 6.1 |
| 2017-05-08 | CVE-2017-0893 | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. | 5.4 |
| 2017-05-08 | CVE-2017-0891 | Cross-site Scripting vulnerability in Nextcloud Server Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to an inadequate escaping of error messages leading to XSS vulnerabilities in multiple components. | 5.4 |