Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE  CVE  VULNERABILITY TITLE  RISK

2017-04-17  CVE-2017-7891  Cross-site Scripting vulnerability in Sourcebans-Pp Project Sourcebans-Pp 1.5.4.7
sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the rebanid parameter.
Risk: network, low complexity, sourcebans-pp-project, CWE-79, 6.1

2017-04-14  CVE-2017-7871  Cross-site Scripting vulnerability in TDM Project TDM 20170412
trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).
Risk: network, low complexity, tdm-project, CWE-79, 6.1

2017-04-14  CVE-2017-7188  Cross-site Scripting vulnerability in Zurmo CRM
Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a base64-encoded SCRIPT element within a data: URL in the returnUrl parameter to default/toggleCollapse.
Risk: network, low complexity, zurmo, CWE-79, 5.4

2017-04-14  CVE-2016-4888  Cross-site Scripting vulnerability in Zohocorp Servicedesk Plus 9.0
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Risk: network, low complexity, zohocorp, CWE-79, 5.4

2017-04-14  CVE-2016-4875  Cross-site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Risk: 6.1

2017-04-14  CVE-2016-8927  Cross-site Scripting vulnerability in IBM Tivoli Application Dependency Discovery Manager
IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is vulnerable to cross-site scripting.
Risk: network, low complexity, ibm, CWE-79, 5.4

2017-04-13  CVE-2017-7725  Cross-site Scripting vulnerability in Concretecms Concrete CMS 8.1.0
concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "canonical" URL on installation of concrete5 using the "Advanced Options" settings.
Risk: network, low complexity, concretecms, CWE-79, 6.1

2017-04-13  CVE-2014-3887  Cross-site Scripting vulnerability in Iodata Rockdisk Firmware
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Risk: network, low complexity, iodata, CWE-79, 5.4

2017-04-13  CVE-2016-4068  Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2015-8864.
Risk: network, low complexity, opensuse roundcube, CWE-79, 6.1

2017-04-13  CVE-2016-2104  Cross-site Scripting vulnerability in Redhat Satellite 5.7
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the package_name, (3) search_subscribed_channels, or (4) channel_filter parameter to software/packages/NameOverview.do; or unspecified vectors related to (5) <input:hidden> or (6) <bean:message> tags.
Risk: network, low complexity, redhat, CWE-79, 6.1