Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-07-27 | CVE-2017-11687 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5 Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event log parsing and Display functions in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML via syslog. | 6.1 |
2017-07-27 | CVE-2017-11686 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5 Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote attackers to obtain an authenticated user's password via XSS vulnerabilities or sniffing non-SSL traffic on the network, because the password is represented in a cookie with a reversible encoding method. | 6.1 |
2017-07-27 | CVE-2017-11685 | Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.4/11.5 Multiple Reflective cross-site scripting (XSS) vulnerabilities in search and display of event data in Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allow remote attackers to inject arbitrary web script or HTML, as demonstrated by the fName parameter. | 6.1 |
2017-07-27 | CVE-2017-11682 | Cross-site Scripting vulnerability in Hashtopolis 0.4.0 Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php. | 6.1 |
2017-07-27 | CVE-2017-11677 | Cross-site Scripting vulnerability in Hashtopus Project Hashtopus 1.5G Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows remote attackers to inject arbitrary web script or HTML via the query string to admin.php. | 6.1 |
2017-07-26 | CVE-2017-11666 | Cross-site Scripting vulnerability in Kopano Webapp 3.3.0 Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the file previewer plugin in Kopano WebApp versions 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a specially crafted previewable file. | 6.1 |
2017-07-26 | CVE-2017-11612 | Cross-site Scripting vulnerability in Joomla Joomla! In Joomla! before 3.7.4, inadequate filtering of potentially malicious HTML tags leads to XSS vulnerabilities in various components. | 6.1 |
2017-07-26 | CVE-2017-11651 | Cross-site Scripting vulnerability in Nexusphp 1.5 NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url tag. | 6.1 |
2017-07-26 | CVE-2017-11629 | Cross-site Scripting vulnerability in Finecms 1.9.5/5.0.10/5.0.9 dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request. | 6.1 |
2017-07-25 | CVE-2016-6133 | Cross-site Scripting vulnerability in Ektron Content Management System 8.7.0/9.1/9.10 Cross-site scripting (XSS) vulnerability in Ektron Content Management System before 9.1.0.184SP3(9.1.0.184.3.127) allows remote attackers to inject arbitrary web script or HTML via the rptStatus parameter in a Report action to WorkArea/SelectUserGroup.aspx. | 6.1 |