Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-08-21 CVE-2017-12984 Cross-site Scripting vulnerability in PHPmywind 5.3
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.
network
low complexity
phpmywind CWE-79
6.1
6.1
2017-08-21 CVE-2017-12980 Cross-site Scripting vulnerability in Dokuwiki
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php.
network
low complexity
dokuwiki CWE-79
6.1
6.1
2017-08-21 CVE-2017-12979 Cross-site Scripting vulnerability in Dokuwiki
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php.
network
low complexity
dokuwiki CWE-79
6.1
6.1
2017-08-21 CVE-2017-12978 Cross-site Scripting vulnerability in Cacti
lib/html.php in Cacti before 1.1.18 has XSS via the title field of an external link added by an authenticated user.
network
low complexity
cacti CWE-79
5.4
5.4
2017-08-18 CVE-2017-12948 Cross-site Scripting vulnerability in Pressforward
Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF.
network
low complexity
pressforward CWE-79
6.1
6.1
2017-08-18 CVE-2017-12882 Cross-site Scripting vulnerability in Spring Batch Admin Project Spring Batch Admin 1.0.0/1.2.0
Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality.
network
low complexity
spring-batch-admin-project CWE-79
5.4
5.4
2017-08-18 CVE-2015-5057 Cross-site Scripting vulnerability in Broken Link Checker Project Broken Link Checker
Cross-site scripting (XSS) vulnerability exists in the Wordpress admin panel when the Broken Link Checker plugin before 1.10.9 is installed.
network
low complexity
broken-link-checker-project CWE-79
6.1
6.1
2017-08-18 CVE-2017-12591 Cross-site Scripting vulnerability in Asus Dsl-N10S Firmware V2.1.16Apac
ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter.
network
low complexity
asus CWE-79
5.4
5.4
2017-08-18 CVE-2017-9816 Cross-site Scripting vulnerability in Paessler Prtg Network Monitor
Cross-site scripting (XSS) vulnerability in Paessler PRTG Network Monitor before 17.2.32.2279 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
paessler CWE-79
6.1
6.1
2017-08-18 CVE-2017-9767 Cross-site Scripting vulnerability in Quali Cloudshell 7.1.0.6508
Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate.
network
low complexity
quali CWE-79
5.4
5.4