Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE | CVE | VULNERABILITY TITLE | RISK

2017-08-02 | CVE-2017-9244 | Cross-site Scripting vulnerability in Trello 4.0.7 | 6.1 (network, low complexity)
Cross-site scripting (XSS) vulnerability in the Trello app before 4.0.8 for iOS might allow remote attackers to inject arbitrary web script or HTML by uploading and attaching a crafted photo to a Card.
trello CWE-79

2017-08-02 | CVE-2017-11355 | Cross-site Scripting vulnerability in Pega Platform | 6.1 (network, low complexity)
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page.
pega CWE-79

2017-08-02 | CVE-2015-2690 | Cross-site Scripting vulnerability in Digium Addons Module 2.11.0.6 | 6.1 (network, low complexity)
Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) add_license_key, (2) add_license_first_name, (3) add_license_last_name, (4) add_license_company, (5) add_license_address1, (6) add_license_address2, (7) add_license_city, (8) add_license_state, (9) add_license_post_code, (10) add_license_country, (11) add_license_phone, or (12) add_license_email parameter in an add-license-form page to admin/config.php.
digium CWE-79

2017-08-02 | CVE-2017-2285 | Cross-site Scripting vulnerability in Silkypress Simple Custom CSS and JS | 6.1 (network, low complexity)
Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
silkypress CWE-79

2017-08-02 | CVE-2017-2284 | Cross-site Scripting vulnerability in Code-Atlantic Popup Maker | 6.1 (network, low complexity)
Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
code-atlantic CWE-79

2017-08-02 | CVE-2017-12200 | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate Product Catalog 4.2.11 | 6.1 (network, low complexity)
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component.
etoilewebdesign CWE-79

2017-08-02 | CVE-2017-12139 | Cross-site Scripting vulnerability in Xoops 2.5.8 | 6.1 (network, low complexity)
XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.
xoops CWE-79

2017-08-01 | CVE-2017-1500 | Cross-site Scripting vulnerability in IBM Mobilefirst Platform Foundation and Worklight | 6.1 (network, low complexity)
A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0.
ibm CWE-79

2017-08-01 | CVE-2017-12062 | Cross-site Scripting vulnerability in Mantisbt | 6.1 (network, low complexity)
An XSS issue was discovered in manage_user_page.php in MantisBT 2.x before 2.5.2.
mantisbt CWE-79

2017-08-01 | CVE-2017-12061 | Cross-site Scripting vulnerability in Mantisbt | 6.1 (network, low complexity)
An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2.
mantisbt CWE-79