Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-12 | CVE-2017-6817 | Cross-site Scripting vulnerability in multiple products In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds. | 5.4 |
| 2017-03-12 | CVE-2017-6814 | Cross-site Scripting vulnerability in multiple products In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata. | 5.4 |
| 2017-03-11 | CVE-2017-6812 | Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8 paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter). | 6.1 |
| 2017-03-11 | CVE-2017-6811 | Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8 paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter). | 6.1 |
| 2017-03-11 | CVE-2017-6810 | Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8 paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.fplinks.php (linkid parameter). | 6.1 |
| 2017-03-11 | CVE-2017-6809 | Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8 paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.donate.php (id parameter). | 6.1 |
| 2017-03-11 | CVE-2017-6808 | Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8 paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.faq.php (id parameter). | 6.1 |
| 2017-03-10 | CVE-2017-6799 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in view_filters_page.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'view_type' parameter. | 6.1 |
| 2017-03-10 | CVE-2017-6797 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter. | 6.1 |
| 2017-03-09 | CVE-2017-6591 | Cross-site Scripting vulnerability in Django-Epiceditor Project Django-Epiceditor 0.2.3 There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field. | 6.1 |