Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE | CVE | VULNERABILITY TITLE | RISK

2017-07-21 | CVE-2017-9931 | Cross-site Scripting vulnerability in Greenpacket Dx-350 Firmware 2.8.9.5G1.4.8Atheeb | 6.1
Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi.
network, low complexity, greenpacket, CWE-79

2017-07-20 | CVE-2017-11503 | Cross-site Scripting vulnerability in PHPmailer Project PHPmailer 5.2.23 | 6.1
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.
network, low complexity, phpmailer-project, CWE-79

2017-07-20 | CVE-2017-0378 | Cross-site Scripting vulnerability in Phamm | 6.1
XSS exists in the login_form function in views/helpers.php in Phamm before 0.6.7, exploitable via the PATH_INFO to main.php.
network, low complexity, phamm, CWE-79

2017-07-20 | CVE-2017-7059 | Cross-site Scripting vulnerability in Apple Iphone OS | 6.1
A DOMParser XSS issue was discovered in certain Apple products.
network, low complexity, apple, CWE-79

2017-07-20 | CVE-2017-7038 | Cross-site Scripting vulnerability in Apple products | 6.1
A DOMParser XSS issue was discovered in certain Apple products.
network, low complexity, apple, CWE-79

2017-07-20 | CVE-2017-10676 | Cross-site Scripting vulnerability in D-Link Dir-600M Firmware Fw3.05B01 | 6.1
On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was found in the form2userconfig.cgi username parameter.
network, low complexity, d-link, CWE-79

2017-07-19 | CVE-2017-1203 | Cross-site Scripting vulnerability in IBM Bigfix Platform | 6.1
IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting.
network, low complexity, ibm, CWE-79

2017-07-19 | CVE-2016-5394 | Cross-site Scripting vulnerability in Apache Sling | 6.1
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities.
network, low complexity, apache, CWE-79

2017-07-19 | CVE-2016-7509 | Cross-site Scripting vulnerability in Glpi-Project Glpi 0.90.4 | 5.4
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.
network, low complexity, glpi-project, CWE-79

2017-07-19 | CVE-2017-9764 | Cross-site Scripting vulnerability in Metinfo 5.3.17 | 6.1
Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.
network, low complexity, metinfo, CWE-79