Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-18 | CVE-2017-12680 | Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5 Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type parameter to shoutbox.php. | 6.1 |
| 2017-08-18 | CVE-2017-1338 | Cross-site Scripting vulnerability in IBM products IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-08-18 | CVE-2017-12927 | Cross-site Scripting vulnerability in Cacti 1.1.17 A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php. | 6.1 |
| 2017-08-17 | CVE-2017-6788 | Cross-site Scripting vulnerability in Cisco Anyconnect Secure Mobility Client 4.4(4027)/4.5(58) The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client Software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected software. | 6.1 |
| 2017-08-17 | CVE-2017-6776 | Cross-site Scripting vulnerability in Cisco Elastic Services Controller 2.2(9.76)/2.3(1) A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. | 6.1 |
| 2017-08-17 | CVE-2017-12907 | Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5 Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php. | 6.1 |
| 2017-08-14 | CVE-2016-6021 | Cross-site Scripting vulnerability in IBM Emptoris Strategic Supply Management IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is vulnerable to cross-site scripting. | 5.4 |
| 2017-08-14 | CVE-2017-9655 | Cross-site Scripting vulnerability in Osisoft products A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator for Business Analytics before 2016 R2, PI Integrator for Microsoft Azure before 2016 R2 SP1, and PI Integrator for SAP HANA before 2017. | 5.4 |
| 2017-08-14 | CVE-2017-9802 | Cross-site Scripting vulnerability in Apache Sling Servlets Post 2.3.20 The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings. | 6.1 |
| 2017-08-11 | CVE-2015-3615 | Cross-site Scripting vulnerability in Fortinet Fortimanager Firmware Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving unspecified parameters and a privilege escalation attack. | 5.4 |