Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-08-04 CVE-2017-12413 Cross-site Scripting vulnerability in Axis 2100 Network Camera Firmware 2.43
AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml.
network
low complexity
axis CWE-79
6.1
6.1
2017-08-03 CVE-2017-1327 Cross-site Scripting vulnerability in IBM Inotes
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2017-08-03 CVE-2017-1199 Cross-site Scripting vulnerability in IBM Infosphere Master Data Management Server
IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2017-08-03 CVE-2017-11320 Cross-site Scripting vulnerability in Technicolor Tc7337 Firmware 08.89.17.20.00
Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor TC7337 routers 08.89.17.20.00 allows an attacker to cause DNS Poisoning and steal credentials from the router.
network
low complexity
technicolor CWE-79
6.1
6.1
2017-08-02 CVE-2017-9467 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
Cross-site scripting (XSS) vulnerability in the GlobalProtect external interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
paloaltonetworks CWE-79
6.1
6.1
2017-08-02 CVE-2017-9459 Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os
Cross-site scripting (XSS) vulnerability in the management web interface in Palo Alto Networks PAN-OS before 6.1.18, 7.x before 7.0.16, 7.1.x before 7.1.11, and 8.x before 8.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
paloaltonetworks CWE-79
6.1
6.1
2017-08-02 CVE-2017-9244 Cross-site Scripting vulnerability in Trello 4.0.7
Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a Card.
network
low complexity
trello CWE-79
6.1
6.1
2017-08-02 CVE-2017-11355 Cross-site Scripting vulnerability in Pega Platform
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page.
network
low complexity
pega CWE-79
6.1
6.1
2017-08-02 CVE-2015-2690 Cross-site Scripting vulnerability in Digium Addons Module 2.11.0.6
Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) add_license_key, (2) add_license_first_name, (3) add_license_last_name, (4) add_license_company, (5) add_license_address1, (6) add_license_address2, (7) add_license_city, (8) add_license_state, (9) add_license_post_code, (10) add_license_country, (11) add_license_phone, or (12) add_license_email parameter in an add-license-form page to admin/config.php.
network
low complexity
digium CWE-79
6.1
6.1
2017-08-02 CVE-2017-2285 Cross-site Scripting vulnerability in Silkypress Simple Custom CSS and JS
Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
silkypress CWE-79
6.1
6.1