Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2017-08-02 | CVE-2017-2284 | Cross-site Scripting vulnerability in Code-Atlantic Popup Maker | Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | network, low complexity, code-atlantic, CWE-79, 6.1 |
| 2017-08-02 | CVE-2017-12200 | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate Product Catalog 4.2.11 | The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component. | network, low complexity, etoilewebdesign, CWE-79, 6.1 |
| 2017-08-02 | CVE-2017-12139 | Cross-site Scripting vulnerability in Xoops 2.5.8 | XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php. | network, low complexity, xoops, CWE-79, 6.1 |
| 2017-08-01 | CVE-2017-1500 | Cross-site Scripting vulnerability in IBM Mobilefirst Platform Foundation and Worklight | A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. | network, low complexity, ibm, CWE-79, 6.1 |
| 2017-08-01 | CVE-2017-12062 | Cross-site Scripting vulnerability in Mantisbt | An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. | network, low complexity, mantisbt, CWE-79, 6.1 |
| 2017-08-01 | CVE-2017-12061 | Cross-site Scripting vulnerability in Mantisbt | An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. | network, low complexity, mantisbt, CWE-79, 6.1 |
| 2017-08-01 | CVE-2017-12131 | Cross-site Scripting vulnerability in Goldplugins Easy Testimonials 3.0.4 | The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens. | network, low complexity, goldplugins, CWE-79, 6.1 |
| 2017-08-01 | CVE-2017-12068 | Cross-site Scripting vulnerability in Event List Project Event List 0.7.9 | The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action. | network, low complexity, event-list-project, CWE-79, 6.1 |
| 2017-08-01 | CVE-2017-12066 | Cross-site Scripting vulnerability in Cacti | Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. | network, low complexity, cacti, CWE-79, 5.4 |
| 2017-07-31 | CVE-2017-11727 | Cross-site Scripting vulnerability in Connectwise Manage 2017.5 | services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS. | network, low complexity, connectwise, CWE-79, 6.1 |