Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-04-25 CVE-2017-7987 Cross-site Scripting vulnerability in Joomla Joomla!
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of file and folder names leads to XSS vulnerabilities in the template manager component.
network
low complexity
joomla CWE-79
6.1
6.1
2017-04-25 CVE-2017-7986 Cross-site Scripting vulnerability in Joomla Joomla!
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of specific HTML attributes leads to XSS vulnerabilities in various components.
network
low complexity
joomla CWE-79
6.1
6.1
2017-04-25 CVE-2017-7985 Cross-site Scripting vulnerability in Joomla Joomla!
In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering of multibyte characters leads to XSS vulnerabilities in various components.
network
low complexity
joomla CWE-79
6.1
6.1
2017-04-25 CVE-2017-7984 Cross-site Scripting vulnerability in Joomla Joomla!
In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering leads to XSS in the template manager component.
network
low complexity
joomla CWE-79
6.1
6.1
2017-04-24 CVE-2017-5045 Cross-site Scripting vulnerability in multiple products
XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page.
network
low complexity
google redhat debian CWE-79
6.1
6.1
2017-04-24 CVE-2017-3557 Cross-site Scripting vulnerability in Oracle One-To-One Fulfillment
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Print Server).
network
low complexity
oracle CWE-79
7.1
7.1
2017-04-24 CVE-2017-8103 Cross-site Scripting vulnerability in Mybb
In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.
network
low complexity
mybb CWE-79
6.1
6.1
2017-04-24 CVE-2017-8102 Cross-site Scripting vulnerability in S9Y Serendipity 2.1
Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an admin's cookie and other information by composing a new entry as an editor user.
network
low complexity
s9y CWE-79
5.4
5.4
2017-04-24 CVE-2017-7723 Cross-site Scripting vulnerability in Wp-Ecommerce Easy WP Smtp
XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body.
network
low complexity
wp-ecommerce CWE-79
6.1
6.1
2017-04-24 CVE-2017-5191 Cross-site Scripting vulnerability in Netiq Access Manager 4.2/4.3
An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.
network
low complexity
netiq CWE-79
6.1
6.1