Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-07 | CVE-2017-14194 | Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11 The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. | 6.1 |
| 2017-09-07 | CVE-2017-14193 | Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11 The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer. | 6.1 |
| 2017-09-07 | CVE-2017-14192 | Cross-site Scripting vulnerability in Finecms Project Finecms 5.0.11 The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field. | 6.1 |
| 2017-09-07 | CVE-2017-1502 | Cross-site Scripting vulnerability in IBM Content Navigator 2.0.3/3.0.0/3.0.1 IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. | 5.4 |
| 2017-09-07 | CVE-2017-1189 | Cross-site Scripting vulnerability in IBM Websphere Portal IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is vulnerable to cross-site scripting. | 6.1 |
| 2017-09-07 | CVE-2017-1098 | Cross-site Scripting vulnerability in IBM Emptoris Supplier Lifecycle Management IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. | 5.4 |
| 2017-09-07 | CVE-2017-13754 | Cross-site Scripting vulnerability in Wibu Codemeter 6.50A Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html. | 5.4 |
| 2017-09-07 | CVE-2017-12906 | Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5 Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) cheaters.php or (2) confirm_resend.php. | 6.1 |
| 2017-09-07 | CVE-2017-12794 | Cross-site Scripting vulnerability in Djangoproject Django In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. | 6.1 |
| 2017-09-07 | CVE-2017-12416 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os Cross-site scripting (XSS) vulnerability in the GlobalProtect internal and external gateway interface in Palo Alto Networks PAN-OS before 6.1.18, 7.0.x before 7.0.17, 7.1.x before 7.1.12, and 8.0.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper request parameter validation. | 6.1 |