Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-08-08 CVE-2017-8654 Cross-site Scripting vulnerability in Microsoft Sharepoint Server 2010
Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site scripting (XSS) vulnerability when it does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability".
network
low complexity
microsoft CWE-79
5.4
5.4
2017-08-08 CVE-2017-8642 Cross-site Scripting vulnerability in Microsoft Edge
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to elevate privileges due to the way that Microsoft Edge validates JavaScript under specific conditions, aka "Microsoft Edge Elevation of Privilege Vulnerability".
network
low complexity
microsoft CWE-79
6.1
6.1
2017-08-08 CVE-2017-12677 Cross-site Scripting vulnerability in Identityserver Identityserver3
IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response.
network
low complexity
identityserver CWE-79
6.1
6.1
2017-08-07 CVE-2017-12655 Cross-site Scripting vulnerability in Nexusphp Project Nexusphp 1.5
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the query parameter to log.php in a dailylog action.
network
low complexity
nexusphp-project CWE-79
6.1
6.1
2017-08-07 CVE-2016-3113 Cross-site Scripting vulnerability in Redhat Ovirt-Engine
Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote attackers to inject arbitrary web script or HTML.
network
low complexity
redhat CWE-79
6.1
6.1
2017-08-07 CVE-2009-5145 Cross-site Scripting vulnerability in Zope
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.
network
low complexity
zope CWE-79
6.1
6.1
2017-08-07 CVE-2017-12649 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.
network
low complexity
liferay CWE-79
6.1
6.1
2017-08-07 CVE-2017-12648 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.
network
low complexity
liferay CWE-79
6.1
6.1
2017-08-07 CVE-2017-12647 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.
network
low complexity
liferay CWE-79
6.1
6.1
2017-08-07 CVE-2017-12646 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.
network
low complexity
liferay CWE-79
6.1
6.1