Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2017-04-24	CVE-2017-8085	Cross-site Scripting vulnerability in Exponentcms Exponent CMS 2.3.0/2.3.1 In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in framework/modules/file/connector/elfinder.php. network low complexity exponentcms CWE-79	6.1
2017-04-24	CVE-2017-7944	Cross-site Scripting vulnerability in Xoops 2.5.8.1 XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in page_dbsettings.php. network low complexity xoops CWE-79	6.1
2017-04-22	CVE-2017-8052	Cross-site Scripting vulnerability in Craftcms Craft CMS Craft CMS before 2.6.2974 allows XSS attacks. network low complexity craftcms CWE-79	6.1
2017-04-21	CVE-2016-6519	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form. network low complexity redhat openstack CWE-79	5.4
2017-04-21	CVE-2017-7992	Cross-site Scripting vulnerability in Heartland Payment Systems Heartland-PHP Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter. network low complexity heartland-payment-systems CWE-79	6.1
2017-04-21	CVE-2017-7409	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. network low complexity paloaltonetworks CWE-79	6.1
2017-04-20	CVE-2017-6618	Cross-site Scripting vulnerability in Cisco Integrated Management Controller Supervisor 3.0(1C) A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. network low complexity cisco CWE-79	5.4
2017-04-20	CVE-2017-6611	Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2) A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. network low complexity cisco CWE-79	6.1
2017-04-20	CVE-2016-9980	Cross-site Scripting vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. network low complexity ibm CWE-79	5.4
2017-04-20	CVE-2016-9979	Cross-site Scripting vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. network low complexity ibm CWE-79	5.4