Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-23 | CVE-2015-8687 | Cross-site Scripting vulnerability in Alcatel-Lucent Motive Home Device Manager 4.1.10.5 Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do. | 5.4 |
| 2017-03-23 | CVE-2015-8622 | Cross-site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert('XSS!')." | 6.1 |
| 2017-03-23 | CVE-2017-7242 | Cross-site Scripting vulnerability in Slims Slims7 Cendana 20170323/62B8Ee8B51Be89Fc65E0D59B01C3724737F9Da20 Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php. | 6.1 |
| 2017-03-23 | CVE-2016-9169 | Cross-site Scripting vulnerability in Novell Groupwise 2014 A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. | 6.1 |
| 2017-03-23 | CVE-2016-5756 | Cross-site Scripting vulnerability in Netiq Access Manager 4.1/4.2 Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, roma/jsp/admin/appliance/devicedetail_edit.jsp, roma/jsp/admin/managementip/mgmt_ip_details_frameset.jsp, roma/jsp/admin/managementip/mgmt_ip_details_middleframe.jsp, roma/jsp/volsc/monitoring/appliance.jsp, and roma/jsp/volsc/monitoring/graph.jsp. | 6.1 |
| 2017-03-23 | CVE-2016-5751 | Cross-site Scripting vulnerability in Netiq Access Manager 4.1/4.2 An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials. | 6.1 |
| 2017-03-22 | CVE-2017-5673 | Cross-site Scripting vulnerability in Kunena 5.0.2/5.0.3/5.0.4 In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. | 6.1 |
| 2017-03-22 | CVE-2017-7222 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. | 6.1 |
| 2017-03-21 | CVE-2017-7215 | Cross-site Scripting vulnerability in Misp Project Misp Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML. | 6.1 |
| 2017-03-21 | CVE-2017-7205 | Cross-site Scripting vulnerability in Gamepanelx Gamepanelx-V3 3.0.12 A Cross-Site Scripting (XSS) was discovered in GamePanelX-V3 3.0.12. | 6.1 |