Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-08-02 | CVE-2017-2284 | Cross-site Scripting vulnerability in Code-Atlantic Popup Maker Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2017-08-02 | CVE-2017-12200 | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate Product Catalog 4.2.11 The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component. | 6.1 |
2017-08-02 | CVE-2017-12139 | Cross-site Scripting vulnerability in Xoops 2.5.8 XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php. | 6.1 |
2017-08-01 | CVE-2017-1500 | Cross-site Scripting vulnerability in IBM Mobilefirst Platform Foundation and Worklight A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. | 6.1 |
2017-08-01 | CVE-2017-12062 | Cross-site Scripting vulnerability in Mantisbt An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. | 6.1 |
2017-08-01 | CVE-2017-12061 | Cross-site Scripting vulnerability in Mantisbt An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. | 6.1 |
2017-08-01 | CVE-2017-12131 | Cross-site Scripting vulnerability in Goldplugins Easy Testimonials 3.0.4 The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens. | 6.1 |
2017-08-01 | CVE-2017-12068 | Cross-site Scripting vulnerability in Event List Project Event List 0.7.9 The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action. | 6.1 |
2017-08-01 | CVE-2017-12066 | Cross-site Scripting vulnerability in Cacti Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. | 5.4 |
2017-07-31 | CVE-2017-11727 | Cross-site Scripting vulnerability in Connectwise Manage 2017.5 services/system_io/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution (involving a ContactCommon field) on victims who click on a crafted link, aka XSS. | 6.1 |