Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-08-07 CVE-2017-12649 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.
network
low complexity
liferay CWE-79
6.1
2017-08-07 CVE-2017-12648 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.
network
low complexity
liferay CWE-79
6.1
2017-08-07 CVE-2017-12647 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.
network
low complexity
liferay CWE-79
6.1
2017-08-07 CVE-2017-12646 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.
network
low complexity
liferay CWE-79
6.1
2017-08-07 CVE-2017-12645 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.
network
low complexity
liferay CWE-79
6.1
2017-08-07 CVE-2016-10404 Cross-site Scripting vulnerability in Liferay Portal 6.1.2/6.2.2/7.0
XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect field to modules/apps/foundation/frontend-js/frontend-js-spa-web/src/main/resources/META-INF/resources/init.jsp.
network
low complexity
liferay CWE-79
6.1
2017-08-07 CVE-2017-6769 Cross-site Scripting vulnerability in Cisco Secure Access Control System 5.8(0.8)/5.8(1.5)
A vulnerability in the web-based management interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system.
network
low complexity
cisco CWE-79
5.4
2017-08-07 CVE-2017-6765 Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance Software 9.1(6.11)/9.4(1.2)
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.1(6.11) and 9.4(1.2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device, aka WebVPN XSS.
network
low complexity
cisco CWE-79
6.1
2017-08-07 CVE-2017-6764 Cross-site Scripting vulnerability in Cisco Adaptive Security Appliance Software 9.5(1)
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) 9.5(1) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
low complexity
cisco CWE-79
5.4
2017-08-07 CVE-2017-6762 Cross-site Scripting vulnerability in Cisco Jabber Guest
A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.6(9), 11.0(0), and 11.0(1) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected software.
network
low complexity
cisco CWE-79
6.1