Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2017-08-02	CVE-2017-9244	Cross-site Scripting vulnerability in Trello 4.0.7 Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a Card. network low complexity trello CWE-79	6.1
2017-08-02	CVE-2017-11355	Cross-site Scripting vulnerability in Pega Platform Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page. network low complexity pega CWE-79	6.1
2017-08-02	CVE-2015-2690	Cross-site Scripting vulnerability in Digium Addons Module 2.11.0.6 Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) add_license_key, (2) add_license_first_name, (3) add_license_last_name, (4) add_license_company, (5) add_license_address1, (6) add_license_address2, (7) add_license_city, (8) add_license_state, (9) add_license_post_code, (10) add_license_country, (11) add_license_phone, or (12) add_license_email parameter in an add-license-form page to admin/config.php. network low complexity digium CWE-79	6.1
2017-08-02	CVE-2017-2285	Cross-site Scripting vulnerability in Silkypress Simple Custom CSS and JS Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network low complexity silkypress CWE-79	6.1
2017-08-02	CVE-2017-2284	Cross-site Scripting vulnerability in Code-Atlantic Popup Maker Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network low complexity code-atlantic CWE-79	6.1
2017-08-02	CVE-2017-12200	Cross-site Scripting vulnerability in Etoilewebdesign Ultimate Product Catalog 4.2.11 The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component. network low complexity etoilewebdesign CWE-79	6.1
2017-08-02	CVE-2017-12139	Cross-site Scripting vulnerability in Xoops 2.5.8 XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php. network low complexity xoops CWE-79	6.1
2017-08-01	CVE-2017-1500	Cross-site Scripting vulnerability in IBM Mobilefirst Platform Foundation and Worklight A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. network low complexity ibm CWE-79	6.1
2017-08-01	CVE-2017-12062	Cross-site Scripting vulnerability in Mantisbt An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2. network low complexity mantisbt CWE-79	6.1
2017-08-01	CVE-2017-12061	Cross-site Scripting vulnerability in Mantisbt An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. network low complexity mantisbt CWE-79	6.1