Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-11 | CVE-2015-8350 | Cross-site Scripting vulnerability in Inboundnow Call TO Action 2.5 Multiple cross-site scripting (XSS) vulnerabilities in the Calls to Action plugin before 2.5.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) open-tab parameter in a wp_cta_global_settings action to wp-admin/edit.php or (2) wp-cta-variation-id parameter to ab-testing-call-to-action-example/. | 4.3 |
2017-09-11 | CVE-2015-8349 | Cross-site Scripting vulnerability in Gameconnect Sourcebans Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. | 4.3 |
2017-09-11 | CVE-2015-4687 | Cross-site Scripting vulnerability in Ellucian Banner Student 8.5.1.2 Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2017-09-11 | CVE-2015-7879 | Cross-site Scripting vulnerability in Stickynote Project Stickynote Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page. | 3.5 |
2017-09-11 | CVE-2017-14268 | Cross-site Scripting vulnerability in EE 4Gee Wifi MBB Firmware EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the sms_content parameter in a getSMSlist request. | 4.3 |
2017-09-11 | CVE-2017-14241 | Cross-site Scripting vulnerability in Dolibarr 6.0.0 Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. | 3.5 |
2017-09-11 | CVE-2017-14239 | Cross-site Scripting vulnerability in Dolibarr 6.0.0 Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php. | 3.5 |
2017-09-09 | CVE-2017-8041 | Cross-site Scripting vulnerability in VMWare Single Sign-On for Pivotal Cloud Foundry In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3, a user can execute a XSS attack on certain Single Sign-On service UI pages by inputting code in the text field for an organization name. | 4.3 |
2017-09-08 | CVE-2017-11611 | Cross-site Scripting vulnerability in Wolfcms Wolf CMS 0.8.3.1 Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. | 3.5 |
2017-09-07 | CVE-2017-14219 | Cross-site Scripting vulnerability in Intelbras WRN 240 Firmware XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. | 6.1 |